IT PRO PERSPECTIVE


Crockett 

"We're reinventing the way we deliver 
content so that the format better 
matches the information." 



Riding Out the IT Storm 

Windows IT Pro offers valuable resources in tough economic times 


Every morning, the newspaper headlines get worse. The recession is now spanning far beyond its origin in the mortgage industry, turning its corrosive spotlight on every other sector you could name. (Except, I heard recently, the health care industry: If I could stand the sight of blood, I would seriously contemplate medical school.) But two of those damaged sectors cut close to home for the staff and contributors of Windows IT Pro: the publishing industry and the IT industry.

The publishing industry problems aren't new to this recession. However, the current recession will hasten the absolute overhaul of this business that has been coming for years. Particularly in the B2B publishing arena, the cost of paper, printing, and postage for producing the magazine you hold in your hands has risen astronomically. At the same time, advertisers are increasingly interested in results-oriented marketing. We can demonstrate results when a reader clicks on an online advertisement. But we can't prove that you took action because of an ad in the magazine. So as ad pages decrease, inevitably the magazine will be thinner until the tide turns again and media planners discover anew the branding and awareness value of the magazine.

In the meantime, we're not just hiding under our print magazines and hoping to ride out the storm—we're looking at the powerful ways we can bring you technical content and industry analysis in multiple formats, including print magazines, web seminars, in-person events, conferences, virtual events, videos, blogs, and forums. We're reinventing the way we deliver content to you so that the format better matches the information. Like Microsoft, we can give you "on premises" products—the print magazine, books, and DVD resources, and in-person events. But we also deliver services "in the cloud" with a wealth of online training and technical information resources.

The first step toward this new information delivery is relaunching 
our website, which should be a done deal by the time you read this. 
(If it's not, it's only days away.) The new platform will allow us much 
more flexibility in delivering content and will feature more screen 
area devoted to editorial content and related visual elements. You'll 
also notice new tools for helping you connect with the IT community, 
including revamped blogs, forums, and social networking features. 

Our new web strategy will allow our editors to produce and acquire the best content they can and present it to you in topic areas so that it's easy to find. The editors will be constantly refreshing these topic areas, pointing you to the best technical articles, training events, and other resources on the web. We'll be bringing you more content "from the trenches" as we engage with user groups whose members will contribute their experiences of how IT organizations operate in many far-flung places across the world.

We're also redoubling our efforts to bring you practical information so you can do your current job better or acquire new skills for a different job. These resources include a new online store for technical resources (www.left-brain.com), a series of Web-based learning seminars (www.windowsitpro.com/events), and how-to screencasts at our video site (www.ittv.net). In addition to helping you boost your technical skills, we're planning activities to help you find your next job—watch for news on our site about a web-based job fair coming this summer.

Our current focus on skill boosting and career development, of course, reflects the sobering state of this industry: Consulting organization Challenger, Gray & Christmas calculated that the computer industry ranked third among industries suffering job losses, with a whopping 22,330 layoffs in January alone.

Although the publishing industry will probably never be the same again after this recession, the future of the computer industry is as bright as an iPhone screen. In seemingly utter defiance of the bleak statistics, chip manufacturer Intel bravely forged ahead with innovation in February by announcing a $7 billion investment in manufacturing facilities for its 32-nanometer technology.

In a National Public Radio interview, Intel CEO Paul Otellini said that the reason for Intel's boldness is simple: The company is betting that technology will lead us out of this recession. "We believe that people will continue to want to buy computers," Otellini said. "If your computer broke tonight when you went home, you wouldn't wait for the recession to end to buy a new computer. It's an indispensable part of your life."

Otellini's conviction that technology is what will pull us out of the recession is inspiring—and, we hope, accurate. In the meantime, we'd all do well to learn new skills so we'll be ready to ride the wave back up. Until then, thanks for staying the course with us while we wait for that next boom.

InstantDoc ID 101536 
READER FEEDBACK

■ Cloud computing
■ SBS and EBS 2008
■ Network problems

Cloud Computing Questions Remain

I read Jeff James's IT Pro Perspective, "Cloud Computing" (January 2009, InstantDoc ID 100943). As an IT consultant, I have a vested interest in cloud computing. My clients hire me to provide the most efficient, cost-effective technology available. My view is simplistic. When evaluating Software as a Service (SaaS), I put everything in the context of the five-pronged ISO network management model: fault management, configuration management, accounting management, performance management, and security management.

During evaluation, almost everything (technically speaking) can be put in the context of the ISO model. For example, if I put an app in the cloud, how well will it integrate with another app that I can't put in the cloud? How secure is the cloud? How can I know that my mission-critical data is secure? What is my exit strategy if my SaaS vendor exits the industry or if I decide that the vendor isn't providing the service I expect? What do I do if the performance isn't acceptable? What do I do in the event of a problem?

As you can see, many questions need to be answered (and not by marketing). And SaaS has to be proven to be a viable alternative to software that's in-house, secure, and available almost 100 percent of the time—not to mention in a place where I can access it at gigabit network speeds.

—Jon Junker

SBS 2008 and EBS 2008

As someone who continues to deploy Microsoft Windows Small Business Server (SBS) 2003 with relative regularity, I read Karen Forster's "SBS 2008 and EBS 2008 Revealed" (November 2008, InstantDoc ID 100259) with great interest. But the article made me nervous about my impending first experiences with either of these products. One of the first things I do after installing a fresh version of SBS 2003 is undo and work around most of what I call "SBS wizardry." Over the years, I've become quite adept at disabling all the features and built-in configurations that Microsoft deemed best practices when it released SBS 2003. Often, though, I miss a setting that results in an emergency call from a client.

My latest confounding problem involved the puzzling decision to limit all users' default mailbox sizes to a draconian 500MB (in SP2). To make matters worse, the default setting is to disallow sending and receiving if a user reaches his or her limit. The result in my case was a frustrated customer with an email import that was stuck at 45 percent and a mailbox that wouldn't accept new messages.

I understand Microsoft's objective to make deployment as easy as possible for novice users. But I wish the company would take experienced Windows administrators into consideration. I would suggest two deployment modes: express and advanced. The advanced mode, in contrast with the user-friendly express mode, would cover every SBS/EBS setting that Microsoft thinks is necessary to configure for the novice and give the administrator the option to immediately change it. I generally don't use folder redirection and synchronization for my clients. Instead of being forced to remember to remove that GPO before joining the first workstation to the domain, why not prompt me to determine whether I want to use it at all?

Microsoft's SMB offerings let me provide affordable, reliable solutions for my clients. I just hope I don't end up wasting too much time trying to undo all their settings.

—Mike Zylberstein

Fixing Network Problems

In his article "Fixing Network Problems" (January 2009, InstantDoc ID 100660), Michael Dragone talks about error-disabled ports—that is, the errdisable state on Cisco switches. He suggests that people use the Show Port port number command to identify ports that are in an error-disabled state. Although that method works, a better solution is to use the Show Status Err-Disabled command to show any and all error-disabled ports on the switch. As far as VoIP and VLANs are concerned, Michael doesn't mention the need for or use of Quality of Service (QoS). Suggesting the use of firewalls and SOHO routers is also something that will only frustrate users trying to go down that path.

—Steve Van Domelen

Thanks for writing in with your comments. The Show Status Err-Disabled command is a good suggestion that I would have covered if I'd had more space. I briefly mention QoS when I introduce routing between VLANs. As I mention in the article, a SOHO router will get you up and running. Although I'd hope no one would declare their VoIP deployment finished after buying a $20 NETGEAR router with a free copy of an antivirus scanner, it's an alternative in a pinch (or an emergency). Many firewalls—such as Cisco's ASA line and SonicWALL's NSA Series—include at least some degree of QoS support and are clearly a better solution than a SOHO router, given the choice.

—Michael Dragone

InstantDoc ID 101570


Windows IT Pro welcomes feedback about the magazine. Send comments to letters@windowsitpro.com, and include your full name, email address, and daytime phone number. We edit all letters and replies for style, length, and clarity.
Humphries

The missing link to IT resources

Get More than You Pay For

Free educational resources from Windows IT Pro

With the economic blizzard as cold as it's been, we're trying to squeeze all we can out of the money we work so hard to earn—or, for some, work pretty hard to earn. There's no such thing as a free lunch, but with these resources from Windows IT Pro, you can still feed your mind at no cost.

"Exchange Storage Ins and Outs" Technical Advisor (windowsitpro.com/go/ExchangeStorage): Technical Advisors are quick-reference guides written by Windows IT Pro experts. In this Technical Advisor, Tom Clark, Paul Robichaux, and Alan Sugano demystify server storage options and help you determine which solution is best for your situation.

"Tracking Changes in the Modern Windows-centric Regulatory Environment" web seminar (windowsitpro.com/go/TrackingChanges): Ensure that your Microsoft-centric networks are up to the challenges of monitoring and change management. This web seminar covers shared requirements between network operations/compliance and monitoring/change management; drivers for accurate, complete monitoring and change management; monitoring as a vital aspect of day-to-day operations and compliance scenarios; and challenges with the native tools in Microsoft-centric networks.

"Recession Proof Your Business Email" white paper (windowsitpro.com/go/RecessionProofEmail): Learn how to maintain robust email capabilities while reducing costs in a way not seen in the industry since email became the critical business tool it is today. In this white paper, Osterman Research covers the key challenges of email management and discusses how outsourcing may be the best way for an organization to leverage its IT dollars in 2009 and beyond.

"Backup Life Cycle Management for Remote Offices" podcast (windowsitpro.com/go/BackupLifecycle): Join David Chernicoff as he leads a discussion about managing the information life cycle. Find out about the efficiencies of applying backup life cycle management to an effective remote offsite backup solution, using the key components of the strategy, and nearline and offline storage.

"Business Process Automation: Managing Cost in Your Enterprise" eBook (windowsitpro.com/go/BusinessProcessAutomation): Make your enterprise more efficient with this eBook's solid foundation on the basics of business process automation (BPA), a look at the way BPA tools work, and how they can be utilized to benefit both IT and overall business efficiencies. Learn where BPA can fit into your existing business process model, how BPA differs from other basic scripting and scheduling techniques, and what benefits your business model can derive from implementing a BPA solution.

To find more resources like these, you can contact me for a nominal fee at Christan.Humphries@penton.com.

InstantDoc ID 101486

Microsoft Talks Back

Read in-depth interviews with Microsoft on the following topics:

• Windows Server 2008 R2 (InstantDoc ID 101319)

• New App-V and MED-V virtualization products (InstantDoc ID 101374)

• Visual Studio 2008 and the upcoming VS 2010 (InstantDoc ID 101437)

• ASP.NET AJAX, MVC, and Silverlight (InstantDoc ID 101462)

Find more free and VIP-only web articles at www.windowsitpro.com!

Get Maximum Performance from Your Web-based Applications

Ensure that your web applications perform well. This Technical Advisor provides the foundation for understanding the potential sources of performance bottlenecks, and developing an effective strategy to overcome performance limitations to achieve optimal web application performance. Read this Technical Advisor now to find out which common performance problems might be preventing your web-based applications from performing to their full potential.

windowsitpro.com/go/WebAppPerformance

Content Life Cycle Management for SharePoint Data Growth

Improve the performance and availability of your SharePoint environment while cost-effectively managing your information life cycle. Register for this web seminar to learn about SQL Server capacity planning, performance and cost implications of unmanaged growth, and effective content life cycle management and archiving.

windowsitpro.com/go/ManageSharePointGrowth

Hit the Ground Running with SQL Server for Non-DB Specialists!

Join SQL Server MVP Allan Hirt on April 30, 2009, for fundamental SQL Server lessons tailored to pros new to SQL Server, plus a live Q&A session—all on your own computer! Register for only $99, and learn how to plan, deploy, and administer SQL Server (includes aspects of SQL Server 2000, SQL Server 2005, and SQL Server 2008).

windowsitpro.com/go/SQLforNonDBsCITC
Thurrott

"The compatibility changes in the release 
candidate will help, but looking ahead, it's 
advisable to migrate sites to web standards that 
work properly in all modern browsers." 


NEED TO KNOW 


What You Need to Know About IE 8.0 


Feedback about Microsoft's Internet Explorer (IE) 8.0 Beta 2 release prompted the company to add an unexpected release candidate (RC) milestone to the IE 8.0 list, delaying the final release of the browser from late 2008 to the second quarter of 2009. IE 8.0 Beta 1, aimed at developers, was released in March 2008, and IE 8.0 Beta 2 added end-user functionality. (For more about Beta 2, see “What You Need to Know About Microsoft Internet Explorer 8.0 Features,” November 2008, InstantDoc ID 100199.) But it also added compatibility challenges, which Microsoft is addressing with IE 8.0 RC1. Here's what you need to know about late-breaking changes in IE 8.0.

Compatibility Issues 

One of the biggest changes in IE 8.0 is the compatibility model. 
Microsoft is changing the browser's core rendering engine to one 
that's more standards-compliant, which means that eventually 
website designers and developers will need to write only to web 
standards, not to the quirks of various browsers. But in the short 
term, this change has monumental negative effects because so many 
websites and corporate intranet sites are designed specifically for IE 
6.0 and IE 7.0. 

To combat the compatibility problems, Microsoft created a Compatibility View button for the IE 8.0 toolbar. End users could toggle this button on websites that didn't display properly in IE 8.0, and corporations could use IE 8.0's copious management capabilities to hard-code the backward-compatibility mode for intranets and other sites. Microsoft also hoped that IE 8.0's year-long beta period would give developers time to cope with the new rendering engine.

But few developers changed their sites to work properly with IE 8.0, and the Compatibility View button, while well-intentioned, put the onus of site compatibility on the end user. Clearly, Microsoft needed a more automated solution before IE 8.0 could ship to the public.

This solution, dubbed Compatibility View Updates, provides the browser with a constantly updated blacklist of sites known to not display properly in IE 8.0's default rendering engine. When the browser hits such a site, IE 8.0 switches automatically into Compatibility Mode. And when such a site is updated to handle IE 8.0, the site is automatically removed from the blacklist.

For those who don't want this new functionality exposed in the 
browser, Compatibility View Updates is optional, easy to remove, and 
configurable in managed environments. And you can, of course, still 
manually add sites to Compatibility Mode when required. 


UI, Privacy, and Security Changes

Since Beta 2, Microsoft has removed AutoComplete Suggestions 
from the Address Bar, but added the ability to show more previously 
visited or popular sites in the Address Bar drop-down menu. The new 
Favorites Bar, which replaces and enhances the Links Bar from earlier 
IE versions, is more configurable as well. 

IE 8.0's privacy and security functionality also changed. InPrivate 
Subscriptions, which blocked downloads and add-ons from specific 
sites, was removed. But the related InPrivate Blocking feature was 
changed so that all add-ons are disabled when browsing in this mode. 
InPrivate is also now session-specific, so that all new browser windows 
opened while in this mode will use InPrivate mode. (Previously, new 
windows would open in non-private IE mode instead.) 

Enterprise and Developer Changes 

To accommodate enterprises, all the new functionality added since Beta 2 is controllable via Group Policy. Developers will see better adherence to the Cascading Style Sheets 2.1 and 3.0 specifications and some new Developer Toolbar functionality. For example, it's now possible to configure different text editors to work with the toolbar.

Recommendations 

IE 8.0's key end-user changes, such as Accelerators, Web Slices, and 
Visual Search Suggestions, make this version far more compelling 
than competing browsers. But IE 8.0's rendering engine could cause 
headaches for businesses, so test your intranet and public websites 
in the new browser as soon as possible. The compatibility changes 
in the release candidate will help, but looking ahead, it's advisable 
to migrate sites to web standards that work properly in all modern 
browsers. 

The big question is whether IE 8.0's functional improvements outweigh the compatibility issues and the pain of upgrading. Because IE 8.0 will be included in Windows 7, most businesses, I suspect, will simply “upgrade” to IE 8.0 as part of a Windows 7 migration, which seems like a more commonsense approach than upgrading existing Windows Vista and Windows XP machines to IE 8.0.

InstantDoc ID 101469 
Minasi

"Bcdedit's OS entry options 
work similarly to boot.ini." 


Booting Up with Bcdedit 

Modify your OSs' boot options 


In “Bcdedit Basics” (March 2009, InstantDoc ID 101168), I introduced you to Bcdedit, a tool in Windows Vista and later that lets you modify the way your system boots. (The tool's name refers to Microsoft's replacement of the boot.ini text file with a binary data file called BCD—short for Boot Configuration Data.) In that article, I explained how to store information in the BCD about how to boot more than one OS. But even if you have only one OS on a computer, you'll find Bcdedit useful: It also lets you modify what Microsoft calls OS entry options (which I refer to as boot options).

Boot.ini used to let you boot pre-Vista systems under some nonstandard set of parameters. For example, Windows NT has always offered the /vga boot option, which, when placed in a system's boot.ini file, instructs the OS to boot using the generic SVGA driver instead of a hardware-specific display driver. (This boot option is useful if you realize too late that you've installed a defective or mismatched video driver.)

Bcdedit's OS entry options work similarly. You can control how your system boots by using the Bcdedit /set command:

bcdedit /set {OS_entry} boot_option boot_option_value

where OS_entry is the GUID of the boot entry to be modified, boot_option is the option you want to use, and boot_option_value is that option's value. For example, the following command instructs Bcdedit that my copy of Vista should always use the generic SVGA driver rather than a board-specific driver:

bcdedit /set {9c219fb1-bb55-11dd-97ac-804080387aa6} vga yes

Remember that Bcdedit identifies OS options not with user-defined words or phrases but with ugly GUIDs randomly generated by the OS. (To see the GUIDs associated with each OS entry, run the Bcdedit /v command.) Because these GUIDs are random numbers, you shouldn't just type the GUID I've entered above, as it's almost certainly not the correct GUID for your system.

After the OS entry GUID, I've entered a pair of values: the name of the parameter that controls the display driver, followed by a parameter value. (It would have been clearer to type vga=yes, but that's not how Microsoft designed Bcdedit's syntax.)

In the real world, you probably wouldn't want your system to always use the SVGA driver, so how might you make use of that command? How about using the Bcdedit /copy command to copy the OS entry that you normally use to boot your system to a new entry called something like Vista Safer Mode? The new entry isn’t exactly Safe Mode, but it's the same basic idea, and you can define exactly what Vista Safer Mode means. Then you can use the Vista Safer Mode OS entry's GUID in a Bcdedit /set command that adds the vga yes option to that entry. Now, just type bcdedit to see your OS entries. You'll see one that looks something like Figure 1.

Looking at that output, it's easy to see that OS entries already have a number of boot options, such as device and osdevice (which help tell the OS option what drive to boot from and where to find the Windows loader), and description.

What if you decide to remove the vga boot option? You could just change its value from yes to no, but not every boot option offers that sort of flexibility. If that’s the case, you can use the Bcdedit /deletevalue command:

bcdedit /deletevalue {OS_entry} boot_option

To remove the vga option altogether, you'd type

bcdedit /deletevalue {9c219fb1-bb55-11dd-97ac-804080387aa6} vga


Now that you've seen one boot option (i.e., vga), the logical next question is, “What other options can I use?” There are quite a few, and we'll examine some of them in my next column.

InstantDoc ID 101362

Windows Boot Loader
Identifier              {ac219fb1-ce87-11dd-97ac-804080387e46}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Vista Safer Mode
osdevice                partition=C:
systemroot              \Windows
resumeobject            {0042327e-bb3d-11dd-bf4f-806e6f6e6963}
vga                     Yes


Figure 1: Using Bcdedit to view your OS entries 
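
The copy-then-set procedure described in this column, scripted for PowerShell as an added example (not code from the article). It assumes an elevated prompt, bcdedit's well-known {current} identifier for the running OS entry, and an illustrative backup path; it reads the new entry's GUID from bcdedit's own output instead of retyping one.

```powershell
# Added example, not from the article. Run from an elevated PowerShell prompt
# on Windows Vista or later.
# Assumptions: '{current}' is bcdedit's alias for the OS entry that is booted
# right now; the backup path and the description text are illustrative.

function Invoke-Bcdedit {
    # Run bcdedit.exe with the given arguments and stop if it reports failure.
    $output = & bcdedit.exe @args
    if ($LASTEXITCODE -ne 0) {
        throw "bcdedit $($args -join ' ') failed: $($output -join ' ')"
    }
    $output
}

# bcdedit can only modify the BCD store with administrator rights.
$principal = New-Object Security.Principal.WindowsPrincipal(
    [Security.Principal.WindowsIdentity]::GetCurrent())
if (-not $principal.IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated prompt.'
}

# 1. Save the BCD store so the change can be rolled back with bcdedit /import.
Invoke-Bcdedit /export 'C:\bcd-backup.bak' | Out-Null

# 2. Copy the entry you normally boot. PowerShell parses a bare {name} as a
#    script block, so brace identifiers are passed as quoted strings.
$copyOutput = Invoke-Bcdedit /copy '{current}' /d 'Vista Safer Mode'

# 3. bcdedit prints the GUID of the new entry; pull it out of that message.
$guidPattern = '\{[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}'
$match = [regex]::Match(($copyOutput -join ' '), $guidPattern)
if (-not $match.Success) {
    throw "No GUID found in bcdedit output: $($copyOutput -join ' ')"
}
$newEntry = $match.Value

# 4. Add the vga option to the copy only; the original entry is untouched.
Invoke-Bcdedit /set $newEntry vga yes | Out-Null

# 5. List the new entry to confirm that description and vga are as expected.
Invoke-Bcdedit /enum $newEntry

# 6. To remove the option from the copy again later:
# Invoke-Bcdedit /deletevalue $newEntry vga
```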
Otey

"Probably one of the most anticipated features 
in R2, Live Migration improves VM availability 
by letting you move Hyper-V VMs between 
hosts with no downtime." 



New Features in Windows Server 2008 R2 

R2 delivers new management options and better scalability and power management 


Although it seems like Windows Server 2008 was just released, Microsoft is already getting ready to deliver the follow-up release, Server 2008 R2. The new release follows the cycle used for Windows Server 2003: a major OS release followed by a minor R2 release. Server 2008 R2 includes a host of new management capabilities and functionality that administrators are sure to love. Look for a full review of Windows Server 2008 R2 coming soon to WindowsITPro.com and Windows IT Pro. For now, let's look at the top 10 new features in Server 2008 R2.

• 64-bit only—Windows Server 2008 R2 marks the first time that the Windows Server OS will be 64-bit only, meaning that Server 2008 R2 must be run on x64-compatible hardware. Almost all of today's popular server hardware will accommodate this requirement, which is good, because the R2 release won't run on 32-bit systems.

• Support for 256 cores—Improved scalability is another important feature in Server 2008 R2, which will be able to utilize up to 256 cores. This number is a huge jump from the 64-core limit in the original Windows Server 2008.

• Core Parking—Windows Server 2008 R2's new Core Parking functionality enables improved power management. Core Parking lets the OS suspend cores that aren't in use, thereby saving the power required to run those cores. Parked cores can be reactivated in milliseconds to respond to increased workloads.

• Remote Desktop Services—Windows Server 2008 R2 rebrands Terminal Services as Remote Desktop Services. However, the changes aren't in name alone. The new Remote Desktop Services includes support for the Aero Glass interface, multiple monitors, and DirectX 11, 10, and 9.

• New Hyper-V—A prerelease version of Hyper-V shipped with the original Windows Server 2008, but R2 includes the latest version. In R2's new Hyper-V, virtual machines (VMs) can address up to 32 cores, and the use of TCP Offload and Jumbo Frames improves networking performance. But one of the biggest improvements in Hyper-V is support for the next item in my top-10 list, Live Migration.

• Live Migration—Probably one of the most anticipated features in R2, Live Migration improves VM availability by letting you move Hyper-V VMs between hosts without incurring downtime. Microsoft's answer to VMware's VMotion, Live Migration is built on top of R2's new Cluster Shared Volumes technology, which lets multiple cluster nodes concurrently access the same LUN.

• Support for the .NET Framework in Server Core—One of the biggest disappointments in the original Server 2008 release was the lack of support for the .NET Framework in Server Core, which meant that technologies that seemed perfect for Server Core, such as Windows PowerShell and ASP.NET applications, couldn't run on Server Core. R2 fixes this problem by adding support for a subset of the .NET Framework that supports both ASP.NET and PowerShell.

• PowerShell 2.0—Server 2008 R2 includes PowerShell 2.0, which features improved Windows Management Instrumentation (WMI) cmdlets and supports running scripts on remote systems, creating ScriptCmdlets, and running background jobs. R2 also sports a new graphical PowerShell UI for developing and debugging PowerShell scripts. PowerShell 2.0 is compatible with PowerShell 1.0.

• Remote server management—Server Manager was one of the best improvements in Server 2008 because it provides a centralized and useful console for managing Windows Server. However, Server Manager is limited to working with the local system. With R2, Server Manager can be installed on network clients and can be used to manage remote Server 2008 systems.

• Active Directory Administrative Center—For administrators, the biggest change in Server 2008 R2 is the new Active Directory Administrative Center, which replaces the older Active Directory, Domains and Trusts, Sites and Services, and Users and Computers management tools. The Active Directory Administrative Center is built on top of PowerShell, and its actions are scriptable. An especially nice feature is the new Active Directory Recycle Bin.

InstantDoc ID 101470 
WHAT WOULD MICROSOFT SUPPORT DO?


Morales 

"MPS_Reports aids the data-gathering process 
to help resolve support issues faster." 



Reap the Power of MPS_Reports Data 

Gather system data using a tool created by Microsoft support engineers 


Years ago, Microsoft support engineers had no single
data-gathering tool to use in resolving customer issues.
The process of collecting system data was time-consuming,
laborious, and unreliable. Depending on the
problem, customers would run various data-gathering
utilities, manually extract the event logs, and copy log
files from the machine having the problem, then email the data back
to us. A group of support engineers decided there was a better way
and created the Microsoft Product Support Reporting tool
(MPS_Reports) to aid in the data-gathering process and help resolve
customer issues faster. I'll show you how you, too, can use MPS_Reports
for troubleshooting common Windows system problems.

About MPS_Reports 

You can find a description of MPS_Reports and links to download
the tool at support.microsoft.com/kb/816819. As you'll see on the
MPS_Reports web page, there are several different versions of the
tool. This is because the specialty groups within the Microsoft
support organization wanted to collect information for their particular
areas of responsibility. Thus, each group has its own specialized
version of MPS_Reports.

Under the covers, the tool comprises several utilities bundled 
into an IExpress package, which executes the utilities through a .cmd 
file. IExpress is a utility that lets you create a self-extracting setup 
program via a wizard interface. You can learn more about IExpress 
technology at tinyurl.com/IExpress. 

The data from MPS_Reports comes in easy-to-read formats
compressed into a .cab file, so you can conveniently transport the data
from one system to another. When MPS_Reports runs, you'll notice
a DOS-style window pop-up that shows you the progress of the tool
in terms of which data is currently being gathered.

When MPS_Reports has finished collecting data, the DOS 
window will disappear and you'll see the .cab file's directory folder 
containing the data collected from your system. You can also view 
the extracted reports under the Reports folder located in the same 
Windows\MPS_Reports directory. 

A new version of MPS_Reports, scheduled for release in April
2009 (available at www.microsoft.com/downloads), will be
compatible with Windows XP and later, including Windows 7. Included
on that page will be an email address and community forum to
which you can submit questions about how to customize the
data-gathering functionality for your environment.


Using MPS_Reports Data 

On a call to Microsoft support, the first thing an engineer typically 
asks the customer to do is to run MPS_Reports. If you run the tool 
before calling the support team, you'll save time by having the .cab 
file ready to send to us. MPS_Reports also provides data you can use 
in solving the following types of problems on your own. 

Problem 1: Comparing File Versions on Two Cluster Nodes 

Understanding which files differ between a system having a
problem and another system that isn't having a problem is often an
essential step in resolving the issue. With a little work, you can use
MPS_Reports data to create an easy-to-read Microsoft Excel
PivotTable that shows you the differences between the systems' files.

To do so, first run MPS_Reports on the two systems you want to
compare and extract each .cab file to a folder named for the source
computer the data was collected from. In this case, the .cab files
come from a two-node cluster; the systems are called NODE001
and NODE002. For this example, I extracted the two .cab files into
the directory D:\MPS_Reports_example.

Once you have the .cab files, you can run the Findstr command 
to merge data from multiple .csv files contained in the .cab file. In 
this example, I want to compare the drivers loaded on both nodes, 
so I run the following command: 

D:\MPS_Reports_example>findstr /s
  \ *_DRIVERS.CSV > DRIVERS.CSV

(Be sure to type the command on one line without the line break.)
This Findstr command searches the current folder and all subfolders
for the string "\" in files named *_drivers.csv. This results in the
data from multiple MPS_Reports .cab files being merged into one
file. (Web Figure 1, www.windowsitpro.com, InstantDoc ID 101468,
shows a portion of the Findstr output with comma delimiters.)

Notice that the output from Findstr shows the folder path
for the drivers.csv file. From this information, we can obtain
the computer name. To do so, load the resulting .csv file into an
Excel spreadsheet, as I've done in the Drivers.xlsx spreadsheet in
Figure 1, page 12. Use the Text to Columns feature to extract only
the computer name from the Findstr output. The remaining columns
are loaded into cells because of the comma delimiter. Now
each line of data can be associated with the computer from which
it was collected.

Figure 1: File differences between two nodes in a cluster


Next, insert a blank row at row 1 of the
spreadsheet and fill in the column headers.
Then, using Excel's PivotTable feature,
you can do a side-by-side comparison of
the drivers loaded on each node. (For more
information about using Excel PivotTables,
see articles listed in the Learning Path at
www.windowsitpro.com, InstantDoc ID 101468.)
In Figure 1, you can see that NODE001 is
running older versions of Ntfs.sys and
ntkrnlpa.exe. For a cluster, it's important that
the same version of drivers run on all nodes.
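The same side-by-side comparison can be scripted rather than built in Excel. The following Python code is an added example, not part of the original article or of MPS_Reports; the column order of the driver rows (file path, then version) and the sample version numbers are assumptions, so set path_col and version_col to match the real report.

```python
import csv
import ntpath
import re
from collections import defaultdict

# Constructed sample of the merged DRIVERS.CSV written by "findstr /s".
# findstr prefixes every matching line with "<relative path>:". The column
# order (file path, version, vendor) and all version numbers are assumptions.
SAMPLE_MERGED = r"""
NODE001\NODE001_DRIVERS.CSV:C:\WINDOWS\system32\drivers\ntfs.sys,1.0.0.1,Example Vendor
NODE001\NODE001_DRIVERS.CSV:C:\WINDOWS\system32\ntkrnlpa.exe,1.0.0.1,Example Vendor
NODE001\NODE001_DRIVERS.CSV:C:\WINDOWS\system32\drivers\tcpip.sys,1.0.0.5,Example Vendor
NODE002\NODE002_DRIVERS.CSV:C:\WINDOWS\system32\drivers\ntfs.sys,1.0.0.2,Example Vendor
NODE002\NODE002_DRIVERS.CSV:C:\WINDOWS\system32\ntkrnlpa.exe,1.0.0.2,Example Vendor
NODE002\NODE002_DRIVERS.CSV:C:\WINDOWS\system32\drivers\tcpip.sys,1.0.0.5,Example Vendor
NODE002\NODE002_DRIVERS.CSV:C:\WINDOWS\system32\drivers\examplefilter.sys,2.0.0.0,Example Vendor
"""

# The first ":" that directly follows "_DRIVERS.CSV" ends the findstr prefix;
# later colons (such as the one in "C:\") belong to the CSV row itself.
PREFIX = re.compile(r"^(?P<src>.*?_DRIVERS\.CSV):(?P<row>.*)$", re.IGNORECASE)


def pivot_versions(merged_text, path_col=0, version_col=1):
    """Return {file name: {computer: version}} from findstr-merged CSV text."""
    pivot = defaultdict(dict)
    for line in merged_text.splitlines():
        match = PREFIX.match(line.strip())
        if not match:
            continue  # blank line or a line without the findstr prefix
        src = match["src"]
        # Each .cab was extracted to a folder named for the source computer;
        # fall back to the file name prefix if the file has no parent folder.
        folder = ntpath.basename(ntpath.dirname(src))
        computer = (folder or ntpath.basename(src)[: -len("_DRIVERS.CSV")]).upper()
        fields = next(csv.reader([match["row"]]))
        if len(fields) <= max(path_col, version_col):
            continue  # short row: not a driver record
        name = ntpath.basename(fields[path_col]).lower()
        pivot[name][computer] = fields[version_col].strip()
    return dict(pivot)


def find_differences(pivot):
    """Return files whose version differs between nodes or that a node lacks."""
    computers = sorted({c for versions in pivot.values() for c in versions})
    report = []
    for name in sorted(pivot):
        row = [pivot[name].get(c, "(missing)") for c in computers]
        if len(set(row)) > 1:
            report.append((name, dict(zip(computers, row))))
    return report


if __name__ == "__main__":
    for name, versions in find_differences(pivot_versions(SAMPLE_MERGED)):
        print(name, versions)
```

A file that is present on only one node is reported as well, which the version-only view of a PivotTable can hide.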


Problem 2: Finding Malware

Malware can cause various problems on your
systems, among them sluggish behavior, networking
issues, and application failures. One
of the pieces of data that MPS_Reports provides
is a system report file called
computername_msinfo32.nfo. You can use this .nfo file
to scan through the Startup Programs section
under the Software Environment heading,
which lists all executables that launch at
system startup.

As Figure 2 shows, two executables listed
were unfamiliar to me: *mcwave
and wtoolsa. I searched on the program
names and found links to two
sites that confirmed that these programs
were malware:
www.liutilities.com/products/wintaskspro/processlibrary/wtoolsa
and www.spywaredata.com/spyware/malware/mcwave.exe.php.

Problem 3: A cluster node fails to join an existing cluster due to an RPC error

A customer recently reported a
critical issue with a cluster node
being evicted from an existing
cluster. This problem occurred on a newly
installed system during installation of the
cluster service. The customer-reported error
was "The remote procedure call failed and did
not execute. This may lead to authentication
problems. Make sure that this computer is connected
to the network. If the problem persists,
please contact your domain administrator."

Upon receiving the MPS_Reports .cab
file from the customer, we immediately went
to the Cluster log file because it contains
verbose error descriptions about problems
occurring during setup. The cluster logs
revealed the following additional information:

00000ab0.000009ec::2009/01/03-13:42:45.328 INFO Network Name <Cluster Name>: Name MYCLUSTER failed IsAlive/LooksAlive check, error 1450.

By running the following Net helpmsg command,
from the command's output we determined that the error
1450 was caused by insufficient resources:

C:\>net helpmsg 1450

Insufficient system resources exist
to complete the requested service.

Using this information and our knowledge
that the customer experienced the
problem shortly after rebooting the system,
we started investigating potential causes of
a memory constraint on a system immediately
after a reboot. Such conditions would
include any memory parameters passed
into the boot.ini file, such as the /3GB
switch, which allocates less memory for
kernel-mode drivers and more memory for
user-mode applications such as database
or email.

Since MPS_Reports collects the boot.ini
file included in the .cab file, we quickly
noticed that the customer was running with
the /3GB switch. We recommended that
the customer follow the guidance in the
Microsoft article "How to use the /userva
switch with the /3GB switch to tune the
User-mode space to a value between 2 GB
and 3 GB" (support.microsoft.com/default.aspx?kbid=316739),
which suggests modifying
boot.ini to allow more precise tuning
of user-mode memory for applications that
require more than 2 GB (the default without
using the /3GB switch). After we added the
/userva switch with the recommended 3030
value, the node could join the existing cluster,
and the critical problem was resolved
quickly.

Dig into the Data

Knowing what to look for and in what files
takes some time and practice. However, once
you start digging into the data, you'll find a
treasure chest full of useful information that
may prevent a support call or at least help
expedite the resolution process.

InstantDoc ID 101468

MICHAEL MORALES
(morales@microsoft.com) is a senior escalation
engineer for Microsoft's Global
Escalation Services team.
He specializes in advanced
Windows debugging and
performance-related issues. For
information about Windows
debugging, visit blogs.msdn.com/ntdebugging.


Figure 2: Msinfo32 report showing two malware programs 
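
The Startup Programs review described in Problem 2 can be repeated across many collected reports by checking each entry against a list of startup programs you already know. The following Python code is an added example, not part of the original article or of MPS_Reports; it assumes the .nfo file is XML with Category and Data elements as shown in the constructed sample, and the baseline list is hypothetical.

```python
import ntpath
import re
import xml.etree.ElementTree as ET

# Constructed sample shaped like an msinfo32 .nfo export, which is XML.
# The element names are an assumption about that layout; commands, users and
# paths are made up. mcwave and wtoolsa are the two names from the article.
SAMPLE_NFO = r"""<?xml version="1.0"?>
<MsInfo>
 <Category name="System Summary">
  <Category name="Software Environment">
   <Category name="Startup Programs">
    <Data>
     <Program>ctfmon</Program>
     <Command>C:\WINDOWS\system32\ctfmon.exe</Command>
     <User_Name>NODE001\operator</User_Name>
     <Location>HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run</Location>
    </Data>
    <Data>
     <Program>mcwave</Program>
     <Command>C:\WINDOWS\system32\mcwave.exe</Command>
     <User_Name>NODE001\operator</User_Name>
     <Location>HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run</Location>
    </Data>
    <Data>
     <Program>Example AV tray</Program>
     <Command>"C:\Program Files\Example AV\exampleav.exe" /tray</Command>
     <User_Name>All Users</User_Name>
     <Location>Common Startup</Location>
    </Data>
    <Data>
     <Program>wtoolsa</Program>
     <Command>C:\WINDOWS\wtoolsa.exe -start</Command>
     <User_Name>NODE001\operator</User_Name>
     <Location>HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run</Location>
    </Data>
   </Category>
  </Category>
 </Category>
</MsInfo>
"""

# Hypothetical baseline: startup images already reviewed for this environment.
BASELINE = {"ctfmon.exe", "exampleav.exe"}

# Unquoted commands may contain spaces in the path, so cut at the first
# executable extension that is followed by whitespace or end of string.
EXE_EXT = re.compile(r"^(.+?\.(?:exe|com|bat|cmd|scr|pif))(?:\s|$)", re.IGNORECASE)


def image_name(command):
    """Return the lower-cased file name of the program a startup command runs."""
    command = command.strip()
    if command.startswith('"'):
        path = command[1:].split('"', 1)[0]
    else:
        hit = EXE_EXT.match(command)
        path = hit.group(1) if hit else command.split(" ", 1)[0]
    return ntpath.basename(path).lower()


def startup_programs(nfo_xml):
    """Return one dict per row of the Startup Programs category."""
    root = ET.fromstring(nfo_xml)
    entries = []
    for category in root.iter("Category"):
        if category.get("name") != "Startup Programs":
            continue
        for data in category.findall("Data"):
            entry = {child.tag.lower(): (child.text or "").strip() for child in data}
            entry["image"] = image_name(entry.get("command", ""))
            entries.append(entry)
    return entries


def unfamiliar(entries, baseline):
    """Return entries whose image is not in the baseline of known names."""
    known = {name.lower() for name in baseline}
    return [e for e in entries if e["image"] not in known]


if __name__ == "__main__":
    for e in unfamiliar(startup_programs(SAMPLE_NFO), BASELINE):
        print(e["image"], "|", e.get("command"), "|", e.get("location"))
```

An entry missing from the baseline is only a lead to research, as the author did with the two program names; it is not a verdict.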


Special thanks to Gary
Braughton, a Microsoft senior
escalation engineer, and Sean
Wheeler, a Microsoft senior
premier field engineer, who
contributed to this article.
ASK THE EXPERTS


■ Windows Mobile
■ Outlook 2007
■ Windows Vista
■ Windows Time Service
■ Cluster Networks
■ Active Directory Accounts



ANSWERS TO YOUR QUESTIONS 



Q: How do I configure Windows
Mobile 6.0 Professional to
hyperlink phone numbers?

A: With Windows Mobile Standard editions,
any string that looks like a phone
number is hyperlinked so that the user
can click the number to dial it. In Windows
Mobile 6.0 Professional, this capability isn't
enabled. To hyperlink a number with Windows
Mobile 6.0, add "tel:" to the front of
the number, followed by a space (e.g., tel:
214-555-2468). The number will now be
hyperlinked when viewed with Windows
Mobile 6.0 Professional.

—John Savill

InstantDoc ID 97717

Q: How can I clean up the mailbox
in Microsoft Office Outlook 2007?

A: Like Microsoft Office Outlook 2003
and Outlook 2002, Outlook 2007 provides
basic tools for users to reduce and
control the amount of data they store in
their mailbox or personal folders. To access
these tools, select Mailbox Cleanup
from Outlook's Tools menu. You'll see the
Mailbox Cleanup window, which consists
of five sections.

In the first section, the View Mailbox
Size button lets you manage the size of
the mailbox. Click the button to view the
size of all the folders in the mailbox. The
size information helps you focus your attention
on the folders that are the biggest
contributors to the storage the account
uses. If you're close to exceeding your
quota and worried about not receiving
future messages, moving or deleting large
items will have the greatest immediate
effect on mailbox size.

The second section provides a filtered
search for content older than a certain date
or larger than a specified size. The query
returns a list of candidates for archiving
or deletion. Alternatively, you can create
search folders in Outlook and use them to
obtain lists of such items on an ongoing
basis, so that you don't have to create a
new search each time. To create a search
folder, from Outlook's File menu, select New,
Search Folder; click Create a custom Search
Folder, then click Choose and specify the
age and message size.

The third section lets you move content
from the mailbox or PST to a separate
archive PST. As in Outlook 2003 and
Outlook 2000, the AutoArchive button in
Outlook 2007 doesn't provide a confirmation
or configuration screen when you
click it, but instead immediately archives
old items.

The fourth option lets you empty the
Deleted Items folder. Clicking the View
Deleted Items Size button tells you the
size of the Deleted Items folder and all
the subfolders it contains. To empty the
Deleted Items folder, just click Empty.

The fifth configuration option is enabled
only if you have conflicting versions
of items. This option helps you clean up
your mailbox by letting you purge duplicate
versions of items—that is, items that
Outlook deems to be the same but that
are in conflict.

Many of the options available in Outlook
2007's Mailbox Cleanup window (e.g.,
archiving, emptying deleted items) are
available elsewhere as well or can
be centrally managed by an email
administrator in a corporate setting. But
users can take advantage of this all-in-one
interface to improve their client experience
and Outlook's performance.

—William Lefkovics
InstantDoc ID 97031


Q: How do I use the Start menu
search capability in Windows
Vista?

A: To enable simpler access to programs,
the Vista Start menu contains
an instant search capability. If you
press the Start key (formerly known
as the Windows key), you open the
Start menu, and by default the focus
is the instant search box. You can then
start typing the name of the program,
Control Panel applet, document, or
favorite you want to find. As you type,
the search results will be updated
dynamically to show the most relevant
matches. To run or open an item from
the results list, simply select the item
you want and press Enter.

—John Savill

InstantDoc ID 95683


William Lefkovics | william@mojavemediagroup.com
John Savill | jsavill@windowsitpro.com
Jan De Clercq | jan.declercq@hp.com


Q: What happens when a Microsoft 
Office Outlook cached mode client 
limits the .OST file to a size smaller 
than the mailbox size? 

A: For Outlook clients, there's a registry entry
to limit the physical file size of a .pst or .ost
file. This is described in the Microsoft article
"How to configure the size limit for both (.pst)
and (.ost) files in Outlook 2007 and in Outlook
2003" (tinyurl.com/93ercf). The article identifies
the DWORD entry called MaxLargeFileSize for
Unicode .pst or .ost files. For legacy ANSI .pst/
.ost files, which have a limit of 2 gigabytes,
the DWORD value name is MaxFileSize. The
DWORD value in megabytes is found in
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\<Office_Version>\Outlook\PST\.

For the Office_Version, Office 2007 is
version 12.0 and Office 2003 is 11.0. Even
though the key is called PST, it applies to
OST files as well. Follow the knowledge
base article if you want to create these
limits and even establish warning thresholds
for your users as their .pst or .ost files
grow.

You can also assign a maximum mailbox
size on the Exchange Server. When a
user is configured with Exchange Cached
Mode, a slave copy of the mailbox is created
and stored on the client machine
with the extension .ost. An .ost file has
the same limitations as a .pst file. It also
maintains a different database structure
than the message stores on Exchange. The
amount of disk space needed for offline
folders (.ost) to host the same content as
found in the Exchange mailbox can be
anywhere from 10 percent to 50 percent
greater. So, what happens if the registry
entry described earlier is configured to be
smaller than the Exchange Server mailbox
quota allows?

I tested this scenario with Microsoft
Outlook 2007 in cached mode against
an Exchange Server 2007 server. I sent
large emails from another user to the test
mailbox. The sender wasn't notified of
any problem at all, and this makes sense.
The test recipient mailbox provided two
separate pop-up alert messages telling
the user of a quota problem. If the
mailbox was already open and a message
was received that caused the .ost file to
surpass the maximum file size, the user
received a pop-up alert message. If the
user logged on and the maximum file
size was attained during synchronization,
then the Mailbox Cleanup dialog box was
displayed.

Note that the Mailbox Cleanup dialog
box did appear in some tests when the
user was already logged in when the
maximum file size was reached, but this
was inconsistent. Both the pop-up alert
message and the Mailbox Cleanup dialog
box advise the user to reduce the mailbox
size. The Mailbox Cleanup dialog box does
provide more comprehensive options.

So if the mailbox reached its quota,
why didn't the sender receive notice? Well,
the .ost limitation is a client-side configuration.
The email sent to the test user was
actually received in the Exchange mailbox.
The smaller quota assigned to the .ost
file didn't allow Exchange to synchronize
with the cached mode Outlook client.
Message tracking on the Exchange Server
showed that the message was successfully
delivered to the test user's mailbox.
The test user was also able to log onto
Outlook Web Access (OWA) and see the
content that arrived after the .ost maximum
file size was reached. After the test
user deletes some mailbox content using
Shift-Delete and reduces the .ost file size
sufficiently below the maximum size allowed
by the registry entry shown earlier,
then Outlook will download content during
synchronization. In some of my tests,
it took a few Send/Receive requests from
Outlook to show the new content to the
Outlook client.

—William Lefkovics

InstantDoc ID 101096 

Q: How can I change the default
Active Directory (AD) location that's
used when no explicit location is
specified for new user and computer
accounts?

A: By default, new user and computer accounts
are put in the predefined AD Users
and Computers containers. Microsoft created
these containers for interoperability with
Windows NT 4.0 domains. When you upgrade
a Windows domain from NT 4.0 to Windows
2000, Dcpromo puts all existing user accounts
in the Users AD container and all existing
computer accounts in the Computers AD
container.

The Users and Computers containers
aren't AD organizational units (OUs),
so you can't link OU-level Group Policy
Objects (GPOs) to them. You can, however,
subject objects in the Users and Computers
containers to domain-level and
site-level GPOs. If you want to use OU-level
GPOs for your user and computer objects,
you must create proper AD OUs. If you do
so, it's a good practice to change the default
location for new user and computer
objects. Changing the default location
can be handy when, for example, you
script the creation of AD accounts and you
don't explicitly provide an AD location. To
change the default location, use the Redirusr
and Redircmp command-line utilities.

To change the default location of new
user accounts to an OU named usersou in
the contoso.com domain, use the following
command:

redirusr ou=usersou,dc=contoso,dc=com

Before you run Redirusr or Redircmp,
you should make sure that the new default
containers actually exist in AD. Also, to use
Redirusr and Redircmp, your domains must
be at the Windows Server 2003 functional
level—they can contain only Windows
2003 Domain Controllers (DCs), not
Win2K or NT 4.0 DCs. When you change
the default location, the DC with the PDC
emulator Flexible Single-Master Operation
role should be online. The default location
changes are written to the wellKnownObjects
attribute of the AD domain object
on the PDC emulator.

—Jan De Clercq 

InstantDoc ID 101228 

Q: My Windows Preinstallation
Environment (WinPE) is performing
very poorly. I think it's out of
memory. How can I add more?

A: Even though your machine may have
gigabytes of RAM, by default WinPE only
allocates 32 MB of scratch space, which is
writable memory available on the WinPE
system volume RAM disk. You can change the
scratch space to be 32, 64, 128, 256, or 512 MB
when you create the WinPE environment. The
command

peimg /scratchspace=<new size> /image=<mount path of the PE>

will allow you to modify the scratch space.

—John Savill 

InstantDoc ID 101519 

Q: Why does the network adapter
for my Microsoft Failover Cluster
Virtual Adapter (NetFT) show as
100 Mbps, when all my networks
are 1 Gbps or faster?

A: All adapters must have a network speed,
and for NetFT Microsoft chose 100 Mbps. This
is an arbitrary value and doesn't actually limit
the speed of data sent via NetFT to 100 Mbps.
In the release candidate and final version of
Windows Server 2008 R2, the NetFT adapter
speed will be changed from 100 Mbps to 10
Gbps.

—John Savill 

InstantDoc ID 101415 


Q: I get an error when I try to run
W32tm commands and when I try
to sync time. What's wrong?

A: The first thing to do is to make sure the
Windows Time service is present. Most likely
it isn't, and has been uninstalled somehow.
The solution is to unregister then register the
Windows Time service using the following
commands:

W32tm /unregister 
W32tm /register 

The Windows Time service now is available 
and time commands should work. 

—John Savill 

InstantDoc ID 101289 

Q: How can I apply different software
restriction policy (SRP) rules to
different user accounts on a computer
that isn't part of a domain?

A: You can configure SRP rules from
the Group Policy Object (GPO) settings.
SRP rules are in the User Configuration\Windows
Settings\Security Settings\Software
Restriction Policies container.
In your case, I advise you to configure an SRP
hash or path rule for restricting user access
to certain programs. If your computer isn't
joined to a Windows domain, you must use
Local GPO (LGPO) settings to set up the
restrictions.

The main disadvantage of using LGPO
settings is that OSs released before Windows
Server 2008 and Windows Vista let
you configure only a single LGPO, and that
LGPO applies to all users on a machine.
Having only one LGPO means you can't
create different settings for different users
or groups, so you can't configure different
SRP rules for different accounts in Windows
XP and earlier OSs.

—Jan De Clercq
InstantDoc ID 100915


TechEd Spotlight: North America 2009



TechEd is one of the most 
significant IT conferences of 
the year, and TechEd 2009 is 
no exception. Windows IT Pro 
and SQL Server Magazine will 
have a significant presence 
at the show. Here are some 
highlights to watch for: 


Win a Prize at the Windows IT Pro Booth! 

Be sure to stop by the Windows IT Pro/SQL Server Magazine booth (#411) to enter a contest 
and to chat with some of our editors and authors. We always like to hear feedback from 
readers, so let us know what you like (and don't like) about our coverage. 

Author Sessions and Roundtables 

A few of our authors are giving presentations at the show, including Senior
Contributing Editor Mark Minasi (with sessions on Windows Server 2008 R2 
AD features, Windows Kerberos, and Security with UAC/WIL) and Rhonda 
Layfield (presenting a Windows 7 from A to Z preconference session with 
Mark Minasi). SQL Server Magazine Contributing Editor Kalen Delaney will 
deliver a session about solving real-world DBA issues. 

2009 Best of TechEd Attendees' Pick Awards 

You'll also want to cast your vote in the 2009 Best of TechEd Attendees' 

Pick Awards, which lets TechEd attendees pick their favorite products 
on display at the show. You'll find voting kiosks scattered throughout 
the show floor that you can use to log on to the contest website and cast your ballot. 

Live Blogs and Twitter Feeds 

We'll be covering the show with some live blogs and Twitter feeds, so be sure to bookmark the 
WindowsITPro.com and SQLMag.com websites and follow our Twitter accounts for updates: 
■ Best of TechEd Award: www.twitter.com/bestofteched09
■ Windows IT Pro: www.twitter.com/Windowsitpro
■ SQL Server Magazine: www.twitter.com/SQLServerMag
■ Jeff James: www.twitter.com/jeffjames3
■ Amy Eisenberg: www.twitter.com/witproamy
■ Sheila Molnai www.twitter.com/sqlmagsheila 



COVER STORY


Reader to Reader: IT Solutions from the Trenches



At Windows IT Pro, we believe in
bringing you field-tested, practical
solutions. Reader to Reader
content puts experts like you
directly in contact with the solutions
other reader-experts have
discovered. We are proud to feature
Reader to Reader solutions
from the trenches for this April
cover story. We encourage all
of you to share your tips, tricks,
workarounds, and solutions
for Windows systems administration.
Send them to us at
r2r@windowsitpro.com.




—Amy Eisenberg, 
executive editor, 
Windows IT Pro 


Use Powercfg to Control Laptops' Power-Management Settings

Sometimes manually configuring these 
settings isn't practical 

At the hospital in which I work, the nurses use wireless laptops running
Windows XP SP2 to access an application service provider (ASP) application.
When the nurses stopped using the hosted application to perform
other duties, the laptops went into standby mode, which caused the laptops
to disconnect from the network and the hosted application. When the nurses
would start using the laptops again, the connection to the network was
automatically reestablished but not the connection to the hosted application. The
nurses wanted to know whether there was a way to prevent the hosted
application from disconnecting.

Manually disabling the standby mode in the Control Panel Power Options 
applet didn't work because the laptops weren't assigned to individual nurses. 
Thus, XP would reset to the default settings whenever a different nurse logged on 
to a laptop. With 15 laptops and more than 15 nurses, I felt like I was chasing my 
own tail. 

I looked for a Group Policy Object (GPO) to control XP's power-management 
settings, but I couldn't find any. I finally found Powercfg, a command-line utility 
that's part of XP SP2 and later, as well as Windows Server 2003 and later. You can 
use Powercfg to perform many tasks, including: 

• Finding out a machine's built-in power schemes (e.g., Always On, 
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Minimal Power Management) and 
custom power schemes 

• Creating or deleting a power scheme 

• Finding out a power scheme's current 
settings (e.g., when to go into standby or 
hibernate mode) 

• Changing a power scheme's settings 

• Activating a power scheme 

I decided to change the settings of the built- 
in Always On power scheme so that the 
standby and hibernate modes would be dis¬ 
abled when the laptops were plugged into 


electrical outlets. The following commands 
change those settings, then set Always On as 
the active power scheme: 

powercfg /change "always on" /standby-timeout-ac 0
powercfg /change "always on" /hibernate-timeout-ac 0
powercfg /setactive "always on"

I incorporated these commands into the logon script used for the nurses. Now when a nurse logs on to one of the laptops, Powercfg configures the machine so that the standby and hibernate modes don't kick in. With this configuration, the laptop doesn't disconnect from the network and the hosted application continues to run even when the nurses are performing other duties.

InstantDoc ID 101379

Chris DeRusseau (chris.derusseau@austinsurgicalhospital.com) is the IT director at Austin Surgical Hospital in Austin, TX.



Utility Can Help Reduce UAC Headaches 
When Working with Scripts 

Run .vbs and .js scripts under administrative privileges with just a few clicks 


I was almost ready to downgrade my home PC's OS from Windows Vista to Windows XP after yet another ordeal with User Account Control. UAC's security policies in Vista and Windows Server 2008 make developing and testing scripts frustrating and more time consuming. To avoid the hassles, you can disable UAC, but that's not recommended because of the need for heightened security. Alternatively, you can log on using Vista's built-in Administrator account, but that involves several steps and some precautions. (See the web-exclusive article "Vista's UAC Can Cause Problems When Writing and Running Scripts" at windowsitpro.com/article/articleid/99913/99913.html.)


When I calmed down a bit, I decided to try to find another solution rather than downgrade my OS. After a fair amount of digging and some coding, I devised a workaround: the Elevate Script HTML Application (HTA). This utility lets you run a VBScript or JScript script under administrative privileges with just a few clicks. As Figure 1 shows, you just need to browse to the script, click the ElevateScript button, then click Continue in the UAC box that pops up. Although I wrote the HTA to work on Vista, it will also work on XP.

Figure 1: The Elevate Script HTA's UI

Listing 1: The ElevateIt Subroutine

Sub ElevateIt
  Set objShell = CreateObject("Shell.Application")
  Set FSO = CreateObject("Scripting.FileSystemObject")
  If FSO.FileExists(File1.Value) Then
    ' Callout A: enclose the pathname in double quotes (needed on XP)
    ScriptFile = Chr(34) & File1.Value & Chr(34)
    ' Callout B: run WScript with the runas verb in a normal window
    objShell.ShellExecute "wscript.exe", ScriptFile, "", "runas", 1
  Else
    MsgBox "File Not Found"
  End If
End Sub

The Elevate Script HTA relies mainly on the ElevateIt subroutine in Listing 1. The focal point of this subroutine is the ShellExecute method of the Shell.Application object in the Windows Shell API for scripting. This method lets you use the runas verb, which prompts the shell to give the user a higher level of system privileges when executing a certain operation. (The user must already have the privileges necessary to execute that operation. Runas doesn't assign new privileges; it simply elevates them.)

Callout B in Listing 1 shows the command that includes the ShellExecute method. As you can see, you need to include several parameters when calling this method. According to MSDN's ShellExecute Method web page (msdn.microsoft.com/en-us/library/bb774148(VS.85).aspx), the method's syntax is

ShellExecute(sFile [, vArguments] [, vDirectory] [, vOperation] [, vShow])

Let's first take a look at the vOperation and sFile parameters. The vOperation parameter stipulates the operation to be performed on the file specified by the sFile parameter. In the code at callout B, the parameters are runas and wscript.exe, respectively, which tells ShellExecute to elevate the privileges of the user running Windows Script Host's (WSH's) WScript engine.

Although the sFile parameter is required, the vOperation parameter is optional. When you use the vOperation parameter, it needs to be set to a verb supported by the file. (For more information about verbs, see MSDN's Verbs and File Associations web page at msdn.microsoft.com/en-us/library/cc144175.aspx.)

Like the vOperation parameter, the vArguments, vDirectory, and vShow parameters are optional. The vArguments parameter contains the arguments for the operation. In this case, there's one argument: The pathname of the script you want to run under administrative privileges. The HTA's input field contains that pathname (i.e., File1.Value), so the ElevateIt subroutine retrieves it. To make this HTA work with XP, the pathname needs to be enclosed in double quotes. So, instead of using File1.Value as the vOperation parameter, I added the necessary double quotes to the pathname and stored it in the ScriptFile variable, as callout A in Listing 1 shows. ScriptFile is then used as the vArguments parameter.

The vDirectory parameter is used to specify the fully qualified path of the directory that contains the file specified by sFile. Because WScript is in the Windows path, there's no need to specify this directory. However, you still need to include an empty string

The vShow parameter stipulates how to initially display the window that belongs to the application that performs the operation. It can take one of the following values:

• 0—Open with a hidden window.
• 1—Open with a normal window.
• 2—Open with a minimized window.
• 3—Open with a maximized window.
• 4—Open with the window at its most recent size and position.
• 5—Open with the window at its current size and position.
• 7—Open with a minimized window. The active window remains active.
• 10—Open with the window in the default state specified by the application.

I wanted the window opened in a normal state, so I used a value of 1.

Elevate Script HTA is a simple application when it comes to coding but is quite handy when you write and run scripts on Vista and Server 2008 because it reduces the scripting headaches brought on by UAC. You can download this HTA by going to the Windows IT Pro website (www.windowsitpro.com), entering 101460 in the InstantDoc ID box, clicking Go, then clicking the Download the Code Here button. You don't need to customize the HTA at all before using it.

InstantDoc ID 101460

(jturnervbs@gmail.com) is a domain administrator and applications developer for Computer

An Easy Way to Get Numerous Files Into and Out of SharePoint Document Libraries

This simple solution works with MOSS 2007 and WSS 3.0 


A lot of companies are now using Microsoft Office SharePoint Server (MOSS) 2007 or Windows SharePoint Services (WSS) 3.0 for document sharing and collaboration in their organizations. (In case you're unfamiliar with SharePoint, MOSS 2007 is a licensed server product whereas WSS 3.0 is a free download. For more information, see "SharePoint FAQs," February 2009, InstantDoc ID 101148.) One of the most widely used SharePoint functionalities is document management using SharePoint document libraries. A few of my customers are using SharePoint document libraries to store their internal documents to take advantage of features such as version control, recycle bins, and content approval.

Out of the box, SharePoint provides an easy way for end users to upload a few files into the document library or download a few files from the document library. However, IT administrators (and even some end users) might need to upload or download numerous files. A question I'm commonly asked by IT administrators is, "What's the easiest way to upload or download a large number of files?"

The solution is straightforward and quick to implement. After you log on to the SharePoint document library, click Actions, followed by Open with Windows Explorer. After Windows Explorer opens, you can upload and download files and folders using the standard cut-and-paste or copy-and-paste operation.

InstantDoc ID 101385

Use PowerShell to Execute Commands on Remote Machines

An alternative to using PsExec 


I wanted to run the ipconfig /all command on all my remote servers and have the results returned to my local machine. I knew that I could use PsExec from the PsTools suite, but I wanted to see how well PowerShell 1.0 worked for this task. (In PowerShell 2.0, you can run PowerShell commands directly against remote computers, but this version is still in the Community Technology Preview—CTP—stage.) After some investigation and trial runs, I created the RemoteProcess.ps1 script in Listing 2.

As callout A in Listing 2 shows, you can use Windows Management Instrumentation's (WMI's) Win32_Process class to run a remote process in PowerShell 1.0. Specifically, I use the [WMI] type accelerator to connect to WMI's ROOT\CIMV2 namespace and access the Win32_Process instance on the computer that's specified in the $s variable. (For information about the [WMI] type accelerator, see the web-exclusive article "Type Accelerators: A Useful But Undocumented Feature in PowerShell 1.0" at windowsitpro.com/article/articleid/101451/101451.html.) I then use that class's Create method to start a remote process that runs the ipconfig /all command. The command's results are stored in a text file on the remote server's C drive. This output file's name follows the format $s-ipconfig.txt, where $s is the remote server's name.

Besides storing the ipconfig command's output, I capture the return value of the Win32_Process class's Create method. This method returns a value of 0 when the process is successfully created; any other number indicates an error. The different values are shown in the switch statement at callout B in Listing 2. (You can find more information about them in MSDN's Create Method of the Win32_Process Class web page at msdn.microsoft.com/en-us/library/aa389388(VS.85).aspx.) When the Create method returns a value, this switch statement displays the remote server's name followed by the appropriate message based on that value. For example, if the Create method returns a value of 2, the switch statement displays the message Access Denied after the remote server's name.

When the Create method is successful, the ipconfig /all command runs and the results are saved on the remote server's C drive. I didn't want to keep the results on each remote machine, so I used the Move-Item cmdlet in the statement

Move-Item -path \\$s\c$\$s-ipconfig.txt $destination -force

to move them to my local machine. However, when I ran the script multiple times to test it, I received an error message along the lines of Move-Item: Cannot find path '\\mycomputer\c$\mycomputer-ipconfig.txt' because it does not exist. Only then did I realize that it takes time to run a Win32 process on a remote machine that's across a network—and PowerShell doesn't wait for that process to terminate before it starts executing the next command. So, when PowerShell started executing the Move-Item cmdlet statement, it couldn't find the file because the file didn't exist yet.

To overcome this problem, I used the Microsoft .NET Framework System.Diagnostics.Process class's Start method to execute the Move-Item cmdlet because PowerShell then has to wait for the Win32 process to finish before continuing to the next command. As the code at callout C in Listing 2 shows, I also used the System.Diagnostics.Process class's WaitForExit method to set a maximum wait time. That way, PowerShell won't continue until either the remote process finishes or 3 seconds have elapsed. (For more information about the Start and WaitForExit methods, see the web-exclusive article "Q. When I run a Win32 process from Windows PowerShell, how can I pause PowerShell so that the process can exit before I run other PowerShell commands?" at windowsitpro.com/article/articleid/100102/100102.html.)

Listing 2: RemoteProcess.ps1

$destination = "\\mycomputer\d$\ipconfig"
$servers = Get-Content D:\servers.txt
foreach ($s in $servers)
{
  # Callout A: start ipconfig on the remote server through WMI
  $result = ([WmiClass]"\\$s\ROOT\CIMV2:Win32_Process").create("cmd /c ipconfig /all > c:\$s-ipconfig.txt")
  # Callout B: report the Create method's return value
  switch ($result.returnvalue)
  {
    0 {"$s Successful Completion."}
    2 {"$s Access Denied."}
    3 {"$s Insufficient Privilege."}
    8 {"$s Unknown failure."}
    9 {"$s Path Not Found."}
    21 {"$s Invalid Parameter."}
    default {"$s Could not be determined."}
  }
  if ($result.returnvalue -eq 0)
  {
    # Callout C: move the output file, waiting at most 3 seconds
    [diagnostics.process]::start("powershell", "-command & {move-item -path \\$s\c$\$s-ipconfig.txt $destination -force}").waitforexit(3000)
  }
}

You can download RemoteProcess.ps1 by going to the Windows IT Pro website (www.windowsitpro.com), entering 101432 in the InstantDoc ID box, clicking Go, then clicking the Download the Code Here button. Before you use RemoteProcess.ps1, you need to customize it and create an input file.

To customize RemoteProcess.ps1, open it in a text editor, such as Notepad. In the first line

$destination = "\\mycomputer\d$\ipconfig"

change \\mycomputer\d$\ipconfig to the location where you want to store the output files. In the second line

$servers = Get-Content D:\servers.txt

change D:\servers.txt to your input file's pathname.

To create the input file, construct a text file that contains the names of the remote servers on which you want to run the ipconfig /all command. Each server name needs to be on a separate line.

I wrote this script for remote servers running Windows Server 2003. You need to run PowerShell as an administrator for this script to work because there's no way to provide alternative credentials when using the [WMI] type accelerator.

InstantDoc ID 101432 
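
The timing problem described in this article can also be handled by polling WMI until the remote process has actually exited, using the process ID that the Create method returns. The following is an added example, not the article's RemoteProcess.ps1: the function name Wait-RemoteProcess, the 30-second timeout, and the use of try/catch (Windows PowerShell 2.0 or later) are assumptions, and the paths are the article's sample values.

```powershell
# Added example, not the article's script. Assumes Windows PowerShell 2.0+
# (try/catch) and an account with administrative rights on each server.

function Wait-RemoteProcess {
    # Hypothetical helper: returns $true once the process has exited,
    # $false if it is still running when the timeout expires.
    param(
        [string]$ComputerName,
        [uint32]$ProcessId,
        [int]$TimeoutSeconds = 30
    )
    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    do {
        # A WMI failure (server unreachable, access denied) throws here
        # instead of being mistaken for "the process has exited".
        $proc = Get-WmiObject -Class Win32_Process -ComputerName $ComputerName `
            -Filter "ProcessId = $ProcessId AND Name = 'cmd.exe'" -ErrorAction Stop
        if (-not $proc) { return $true }
        Start-Sleep -Milliseconds 500
    } while ((Get-Date) -lt $deadline)
    return $false
}

$destination = "\\mycomputer\d$\ipconfig"    # the article's sample share
$servers     = Get-Content D:\servers.txt    # one server name per line

foreach ($s in $servers) {
    try {
        $command = "cmd /c ipconfig /all > c:\$s-ipconfig.txt"
        $result  = ([WmiClass]"\\$s\ROOT\CIMV2:Win32_Process").Create($command)

        if ($result.ReturnValue -ne 0) {
            "$s Create returned $($result.ReturnValue); nothing to collect."
            continue
        }

        # Create hands back the new process ID, so wait on that process
        # rather than pausing for a fixed interval.
        if (Wait-RemoteProcess -ComputerName $s -ProcessId $result.ProcessId) {
            Move-Item -Path "\\$s\c$\$s-ipconfig.txt" -Destination $destination -Force
            "$s output moved to $destination."
        }
        else {
            "$s process $($result.ProcessId) still running after the timeout; file left in place."
        }
    }
    catch {
        "$s failed: $($_.Exception.Message)"
    }
}
```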
How to Allow Shortcuts When Using SRP on Windows XP Workstations

By default, Software Restriction Policy (SRP) won't allow them 


In Windows Vista and Windows XP, software restriction policies (SRPs) provide an additional level of protection against unauthorized software on users' workstations. Using SRPs' built-in rules allows programs in protected locations such as %ProgramFiles% and %SystemRoot% to be launched without restrictions. Setting the default security level to Disallowed prevents executables in other locations from running, which is useful considering the trend toward portable applications.

In XP, one problem with simply switching on SRP and setting the default security level to Disallowed is that the built-in rules don't allow users to launch applications from desktop shortcuts. In most organizations, this is an unacceptable trade-off between security and functionality because users often rely on shortcuts to run applications.

One way to work around this problem is to add an additional path rule, as Figure 2 shows. Adding the *.lnk path rule reenables all shortcuts on the user's machine. Interestingly, this path rule doesn't actually contain a path. It just contains the string *.lnk.

Many users rely on desktop shortcuts to launch applications, so not allowing them is often unacceptable.

In Vista, SRP has been improved to allow shortcuts when the default security level is set to Disallowed. So, you don't need to add this path rule on Vista workstations.

InstantDoc ID 101420 

Russell Smith (rms45@rsitc.com) is an independent IT consultant. He has been working in IT since 2000, specializing in systems management and security.

Figure 2: Adding the *.lnk path rule to allow shortcuts
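
To review what a rule such as *.lnk adds on a given workstation, you can list the SRP path rules held in the registry. This is an added example, not part of the original article: it assumes the policy is stored under the machine policy key shown in the script and that Windows PowerShell 2.0 or later is available; the function names and the NameOnly column are illustrative.

```powershell
# Added example (not from the article). Lists SRP path rules from the machine
# policy and marks rules, such as *.lnk, that contain no directory component.

$SrpRoot    = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$LevelNames = @{ 0 = 'Disallowed'; 262144 = 'Unrestricted' }

function Get-SrpDefaultLevel {
    # Returns the default security level as text.
    $policy = Get-ItemProperty -Path $SrpRoot -ErrorAction SilentlyContinue
    if (-not $policy -or $policy.DefaultLevel -eq $null) { return 'not configured' }
    $level = [int]$policy.DefaultLevel
    if ($LevelNames.ContainsKey($level)) { return $LevelNames[$level] }
    return "level $level"
}

function Get-SrpPathRule {
    # Emits one object per path rule found under each security level.
    foreach ($level in $LevelNames.Keys) {
        $pathsKey = "$SrpRoot\$level\Paths"
        if (-not (Test-Path $pathsKey)) { continue }
        foreach ($ruleKey in Get-ChildItem -Path $pathsKey) {
            $rule = Get-ItemProperty -Path $ruleKey.PSPath
            $item = [string]$rule.ItemData
            New-Object PSObject -Property @{
                Level       = $LevelNames[$level]
                ItemData    = $item
                Description = $rule.Description
                # No backslash and no %variable%: the rule matches on the
                # file name alone, wherever the file is stored.
                NameOnly    = ($item -notmatch '\\' -and $item -notmatch '%')
            }
        }
    }
}

"Default security level: $(Get-SrpDefaultLevel)"
Get-SrpPathRule |
    Sort-Object Level, ItemData |
    Format-Table Level, NameOnly, ItemData, Description -AutoSize
```

Rules reported with NameOnly set to True under the Unrestricted level are the ones to review first, because they are not tied to a protected location.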
Scripting on a Cluster

It's not as straightforward as you might think 



I recently had to run a .cmd script on a cluster to determine the size of the cluster resource. Running the script remotely took more than two hours and produced a lot of network traffic, so I decided to run the script locally on each cluster node.

Running a script on a cluster might seem like it should take the same amount of effort as running a script on a standalone server, but that's not the case. There are extra steps you need to take when scheduling a script or another process to run on a cluster. Because there's the possibility of a cluster resource failing over to another cluster node, you need to make sure that the script exists on all the nodes that the resource could possibly fail over to. However, you also need to make sure that the script executes only on the active cluster node. You can accomplish both objectives using a second script like the FindClusterResource.vbs script in Listing 3.

FindClusterResource.vbs checks for the existence of the resource drive. When the resource drive exists, it runs the primary script SpaceReport.cmd. When the resource drive doesn't exist, FindClusterResource.vbs ends and SpaceReport.cmd doesn't run. Because the cluster resource can reside on only one node at any given time, SpaceReport.cmd executes only on the node where the cluster resource resides.

Callout A in Listing 3 highlights the test used to determine whether the resource drive exists. In this test, FindClusterResource.vbs calls the GetDrive method of the FileSystemObject object, which is part of the Microsoft Scripting Runtime Library in Windows Script Host (WSH). The GetDrive method returns a Drive object for the drive in a specified path. When the drive doesn't exist, an error occurs, which is indicated by a value of 0. So, after the GetDrive call, FindClusterResource.vbs tests for a value of 0. When this value is present (i.e., the resource drive doesn't exist), FindClusterResource.vbs ends. When this value isn't present (i.e., the resource drive exists), FindClusterResource.vbs uses the WshShell object's Run method to run SpaceReport.cmd as a new process on that node.

You can download FindClusterResource.vbs by going to the Windows IT Pro website (www.windowsitpro.com), entering 101466 in the InstantDoc ID box, clicking Go, then clicking the Download the Code Here button. To use this script, you need to customize it in two spots. First, in the code

TaskNamel = _
"C:\Scripts\SpaceReport\SpaceReport.cmd"

replace C:\Scripts\SpaceReport\SpaceReport.cmd with the pathname to the primary script. Second, in the code

ResourceDrv = "X:"

replace X with your resource drive letter.

After you make these two changes, place FindClusterResource.vbs and the primary script in the same folder on each node in the cluster. Then use Task Scheduler to schedule FindClusterResource.vbs. When FindClusterResource.vbs runs, it will execute your primary script, no matter where the cluster resource resides. Note that if a failover occurs during the scheduled task, the primary script will fail. However, this scenario is unlikely and there's little you can do to compensate for it.

InstantDoc ID 101466 
Minimize the Time It Takes to Send Files to Nondefault Printers

Add printer shortcuts to the Send To menu 


To print a file without opening it, you can right-click the file in Windows Explorer, then select the Print option. However, you can send a file only to the default printer this way. To send a file to a different printer, you need to open the file, select the Print option, select the desired printer, and click OK. I grew tired of having to perform all these steps every time I wanted to send a file to a different printer, so I came up with an alternative. I added printer shortcuts to the Send To menu to minimize the time and effort it takes to send files to nondefault printers.

In case you're unfamiliar with the Send To menu for a file, you access it by right-clicking the file in Windows Explorer and selecting the Send To option. The Send To menu can include shortcuts to printers, disk drives, Windows-based programs, compressed (zipped) folders, mail recipients, the desktop, and the My Documents folder.

You can add a printer shortcut to the Send To menu in a matter of minutes. Simply follow these steps:

1. Navigate to the SendTo folder. A quick way to get to this folder in Windows XP is to copy the path C:\Documents and Settings\%USERNAME%\SendTo and paste it into Windows Explorer's address bar. In Windows Vista, use the path C:\Users\%USERNAME%\AppData\Roaming\Microsoft\Windows\SendTo. If the folder isn't visible, open any folder and click Folder Options on the Tools menu. (In Vista, you might need to press Alt to get the Tools menu to appear.) On the View tab of the Folder Options dialog box, select the Show hidden files and folders option in the Advanced settings section.

2. Navigate to the window showing the printers available for your machine. In XP, you can do this by selecting Printers and Faxes from the Start menu. (Depending on your XP version and settings, you might have to access the Printers and Faxes window through the Control Panel's Printers and Other Hardware applet.) In Vista, go to the Control Panel's Hardware and Sound applet and select the Printers option.

3. In the Printers and Faxes window (XP) or Printers window (Vista), find the printer you want to add to the Send To menu. Drag and drop it into the SendTo folder.

Figure 3 shows my SendTo folder in which I added shortcuts for two nondefault printers. One shortcut is to a color printer (which I use when I need color copies) and the other shortcut is to a high-capacity black-and-white printer (which I use when I need to print 15 or more pages).

Now when I want to send a file to a nondefault printer, I right-click the file in Windows Explorer and select the Send To option, which brings up the Send To menu that Figure 4 shows. I just click the nondefault printer I want to use. The file is then sent to that printer.

For me, the printer shortcuts have often come in handy, saving me time and effort. They can save you time, too, if you print to nondefault printers. And adding the shortcuts takes only a few minutes, so it doesn't require a large investment of time to set up.

Figure 3: SendTo folder in which shortcuts for two nondefault printers have been added

Figure 4: Send To menu that includes shortcuts for two nondefault printers
FEATURED

The Feature Behind the Remember my password Check Box

The Stored User Names and Passwords feature revealed 

by Damir Dizdarevic 


Remembering and managing multiple usernames and passwords for accessing various resources can pose a problem for most users. Although many third-party credential management products are available, Windows Vista, Windows XP, Windows Server 2008, and Windows Server 2003 have a built-in feature that automatically manages the usernames and passwords needed to access resources that require credentials other than the user's standard Windows logon credentials. This feature is called Stored User Names and Passwords.

Stored User Names and Passwords lets you store credentials for local network and Internet resources. The types of credentials that can be created, managed, and used with this feature include:

• Usernames and passwords
• X.509 certificates (e.g., for smart cards)
• Passports (e.g., .NET passports)

If you're using Windows XP Home Edition, be aware that the XP version stores only passport credentials and RAS/VPN usernames and passwords. Let's look at the benefits that the Stored User Names and Passwords feature provides, how the feature works, and how to use it to manually manage credentials.

The Benefits 

When users log on to a local computer or domain, they provide a username and password. After the logon, those credentials become the default security context for accessing other resources on the local network, the remote network, and/or the Internet. However, the credentials might not be sufficient for accessing all the resources that users need. For example, the credentials might not be sufficient for accessing websites that require authentication or domains without trust relationships. If there are many such resources, users might need many different credentials.

Similarly, administrators might need different credentials. For example, they might log on to the network using their standard Windows logon credentials but need administrative privileges to perform specific tasks on remote servers.

Having to remember multiple username and password combinations can lead to bad password practices, such as using weak passwords, using the same password for everything, and writing passwords on pieces of paper. The Stored User Names and Passwords feature helps users avoid such practices because it securely stores and manages multiple credentials for them. Users will have a single sign-on experience because they'll log on to only their computers or domains. Because users won't be forced to remember passwords, they'll be more likely to choose strong passwords, which can greatly increase overall security.

Stored User Names and Passwords stores credentials in a secure part of a user's profile, so they can't be accessed by other users. If the user is configured to use a single profile across the enterprise (i.e., roaming profile), the stored usernames and passwords are retained wherever the user logs on to the network. This further increases the functionality of this feature, while still keeping an acceptable level of security.

How the Feature Works 

When a user tries to access a website or network location that isn't accessible with his or her default credentials, he or she is prompted for a username and password. After the user enters that information and selects the Remember my password check box, the logon information is stored within the user's profile. The next time the user connects to that resource, those stored credentials are used to automatically authenticate him or her.

Every time a user clicks the Remember my password check box, the credentials are saved in the most general form possible. For example, if a user selects the Remember my password check box when he or she is accessing a specific server in the company.com domain, the credentials might be saved under *.company.com. If the user again selects the Remember my password check box when accessing a different server in the same domain, Windows won't overwrite the previously saved credentials. Instead, Windows saves the new credentials using more specific information, such as server1.company.com. Because of this setup, no more than one username and password can be stored for a specific logon, which is a slight limitation of the Stored User Names and Passwords feature.

When multiple credential sets are stored, Windows orders them from most specific to least specific. When a user tries to access a resource not available under his or her current credentials, the authentication package searches the Stored User Names and Passwords repository for the most specific credential set that matches that resource. If one is found, the authentication package uses it without any interaction from the user. If one isn't found, the user is prompted for a username and password.
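
The storage and lookup rules described in this section can be modeled in a few lines of PowerShell. This is an added example, not Windows' own implementation: the function names, the hashtable used as the store, and the server and account names are constructed for illustration, and the model follows only the behavior described above.

```powershell
# Added example: a simplified model of the behavior the article describes,
# not the Windows implementation. All names and accounts are constructed.

function Save-Credential {
    # The first save for a domain goes under the most general target
    # (*.domain); later saves for servers in that domain use the server name.
    param([hashtable]$Store, [string]$Server, [string]$User)
    $target = $Server
    $dot = $Server.IndexOf('.')
    if ($dot -ge 0) {
        $general = '*.' + $Server.Substring($dot + 1)
        if (-not $Store.ContainsKey($general)) { $target = $general }
    }
    # One entry per target: saving again for the same target replaces it.
    $Store[$target] = $User
    return $target
}

function Get-Specificity([string]$Target) {
    # Exact names outrank wildcard targets; among wildcards, the target
    # with more fixed characters is the more specific one.
    $fixed = ($Target -replace '\*', '').Length
    if ($Target.Contains('*')) { return $fixed }
    return 1000 + $fixed
}

function Find-Credential {
    # Picks the most specific stored target that matches the resource.
    param([hashtable]$Store, [string]$Resource)
    $best = $Store.Keys |
        Where-Object { $Resource -like $_ } |
        Sort-Object { Get-Specificity $_ } -Descending |
        Select-Object -First 1
    if ($best) { return "$Resource -> $($Store[$best]) (matched $best)" }
    return "$Resource -> no stored credential; the user is prompted"
}

$store = @{}
Save-Credential $store 'server2.company.com' 'COMPANY\jsmith'       | Out-Null
Save-Credential $store 'server1.company.com' 'COMPANY\jsmith-admin' | Out-Null

$store                                          # the two stored targets
Find-Credential $store 'server1.company.com'    # exact entry wins
Find-Credential $store 'server3.company.com'    # falls back to *.company.com
Find-Credential $store 'www.example.org'        # nothing stored
```

The fallback case is the one to keep in mind when reviewing stored entries: a credential saved under a wildcard target is offered to every matching server, not only the one the user originally connected to.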

How to Manually Manage 
Credentials 

In addition to automatically creating 
and storing credentials by selecting the 
Remember my password check box, you can 
manually create credentials for a specific 
resource. Windows treats manually created 
credentials the same way as it treats those 
automatically created. 

Vista, XP, Server 2008, and Windows
2003 provide a simple and intuitive interface
for manually creating credentials. You
can also view, edit, and remove existing
credentials. Plus, in Vista and Server 2008,
you can back up and restore saved credential
sets, which is useful. Figure 1 shows
the interface—the Stored User Names and
Passwords dialog box—in Vista. I'll describe
how to access and use the Stored User
Names and Passwords dialog box in XP and
Vista. The processes will be similar in the
corresponding server OSs.

Accessing the Stored User Names and
Passwords dialog box. In XP, accessing
the Stored User Names and Passwords dialog box
differs slightly depending on whether the
computer is in a workgroup or domain.

When the computer is in a workgroup, open the
Control Panel User Accounts applet, select the
currently logged-on user, then click
Manage my network passwords in the Related tasks
pane. Only the credentials of the currently
logged-on user can be managed. If the computer
is in a domain, open the Control Panel User Accounts
applet, click the Advanced tab, then click
the Manage Passwords button.

Learning Path

To learn more about the Stored User Names and
Passwords feature, check out

"Behavior of Stored User Names and Passwords,"
support.microsoft.com/kb/281660
"How to Manage Stored User Names and Passwords on
a Computer in a Domain in Windows XP,"
support.microsoft.com/kb/306992
"How To Manage Stored User Names and Passwords
on a Computer That Is Not in a Domain in
Windows XP,"
support.microsoft.com/kb/306541
"Stored User Names and Passwords,"
technet.microsoft.com/en-us/library/cc780436.aspx

In Windows Vista, you access the dialog
box the same way, whether the computer is
in a workgroup or domain. Open the Control
Panel User Accounts applet, click the
User Accounts heading, then click Manage
your network passwords in the Tasks area.

Alternatively, you can access the User 
Accounts applet directly in Vista or XP by 
opening the Run window and running the 
command 

Control Userpasswords2 


Figure 1: Managing credential sets in the Stored User Names and Passwords
dialog box


In the window that opens, click the Advanced 
tab, then click the Manage Passwords button. 
If you want to access the credentials for the 
currently logged-on user, run the command 

rundll32.exe keymgr.dll,KRShowKeyMgr

This command opens the Stored User 
Names and Passwords dialog box directly. 
At this point, you can add, edit, remove, 
back up, and restore credential sets. 

Adding a credential set. To manually add
a credential set for a resource, click Add to
bring up the Stored Credential Properties dialog
box, which Figure 2 shows. In the
Log on to field, enter the resource name.
You can use a variety of formats, including
hostnames (e.g., server1) and Fully Qualified
Domain Names (FQDNs—e.g., server1.domainX.com).
You can even use wildcards
(e.g., *.domainX.com). However, keep in
mind that if there are multiple credential sets
that apply to the same resource, Stored User
Names and Passwords will always use the
most specific resource name.

In the User name field, enter the username
in one of the following formats:

• Domain\Username (e.g., DomainX\User1)

• Machine\Username (e.g., Computer1\User1)

• Username\Machine (e.g., User1\Computer1)

• Workgroup\Username (e.g., Sales\User2)

• Username\Workgroup (e.g., User2\Sales)

• User principal name (UPN—e.g., User1@domainX.com)

In the Password field, enter the password. 
Finally, specify whether the credentials are 
for Windows logon authentication or for 
website or program authentication. 

Editing a credential set. If you want to 
edit an existing credential set, select the 
resource from the list in the Stored User 
Names and Passwords dialog box, then 
choose Edit (Vista) or Properties (XP). You 
can edit only the username and password. 

Removing a credential set. If you want 
to delete an existing credential set, select 
the resource from the list in the Stored User 
Names and Passwords dialog box, then 
click Remove. 

Figure 2: Manually adding a credential set

Backing up and restoring credential
sets (Vista and Server 2008 only).
Although automatically storing credentials
is beneficial, it can pose a problem
if they're lost. Vista and Server 2008 let
you back up and restore credential sets
with the Backup and Restore Wizard. For
security reasons, the backup and restore
processes can't be automated. The only
way to back up or restore credential sets is
to do it manually.

To perform a backup in Vista, click the
Back up button in the Stored User Names
and Passwords dialog box. In the dialog
box that Figure 3 shows, browse to
where you want to store the backup
file and enter the name you want to
give it. All credential sets are stored
inside a single .crd file that's encrypted
with the Advanced Encryption Standard (AES).
After providing the location and filename,
you'll be required to press Ctrl+Alt+Del
so that Vista can switch to secure
mode. Next, you'll be prompted to
enter a password to protect the credentials.
This password must be strong (i.e.,
contain uppercase and lowercase letters,
numbers, and special characters). After
entering and validating the password, the
credentials will be saved at the specified
location under the specified filename.

If you need to restore credentials that
were previously backed up, click the Restore
button in the Stored User Names and Passwords
dialog box. Navigate to the .crd file's
location and provide the password. Be
aware that restoring credential sets from a
backup file replaces any existing credential
sets stored on the computer.

Securing the Credentials 

Storing multiple credential sets in one 
location is convenient but potentially 
risky. Although credentials are stored in 
encrypted format within the SAM and user 
profile, attackers might be able to crack 
these passwords if they get physical access 
to the user profile files. 

To secure the credentials as much as
possible, it's important to apply all necessary
security measures. Those measures
might include:

• Having users protect unattended computers.
For example, users should log
off of or lock their computers when they
leave them unattended for long periods
of time. To protect computers that are
left unattended for short periods, users
should password protect their screen
savers.

• Securing laptops with BitLocker or a 
similar encryption program. That way, 
the data is protected if the laptop is lost 
or stolen. 

• Having users use a strong password 
for the standard Windows logon and 
change that password regularly. In a 
domain environment, it's best to use 
Group Policy to force password changes. 

• For extremely critical resources, you 
might consider disabling the Stored 
User Names and Passwords feature. 

A Convenient Tool 

The Stored User Names and Passwords 
feature is a convenient tool for users who 
use multiple credentials to access various 
network and Internet resources. It gives 
them a single sign-on experience. Although 
the stored credentials are encrypted, it's 
important to keep workstations with stored 
credentials secure.
Figure 3: Backing up credential sets
SOLUTIONS PLUS

Boot Directly from an iSCSI SAN

Configure a hardware iSCSI boot for economical
data protection

by Ed Roth

PROBLEM:

You want to boot your server
from an iSCSI SAN, to save on
hardware costs and gain data
protection benefits.

SOLUTION:

Configure your SAN hardware,
iSCSI-related services, and OS
using special NICs or software.

WHAT YOU NEED:

A server running at least
Windows Server 2003,
Gigabit Ethernet, an iSCSI
boot-capable NIC, an iSCSI
target, and a system BIOS that
supports booting from an
iSCSI SAN.

SOLUTION STEPS:

1. Provision a SAN volume for
boot from iSCSI.

2. Configure your NICs to boot
from iSCSI.

3. Input iSCSI parameters via
either the Microsoft iSCSI
Software Initiator or DHCP.

4. Configure your OS.

In my article about the advantages
of using iSCSI SANs as part of your
virtualization infrastructure, "Bringing
iSCSI SAN and Virtualization
Together," July 2008, InstantDoc ID
99229, I mentioned that it's possible
to boot from an iSCSI target, but I only had
room to scratch the surface of what's required
to do so. In this follow-up, I'll discuss some
of the reasons to boot directly from an iSCSI
SAN and tell you the hardware, software, and
other requirements for booting Windows
servers from an iSCSI target.

Why Boot From a SAN?

You're probably familiar with the data protection
capabilities that SANs provide for
traditional data volumes, including RAID,
snapshots, replication, and Microsoft Multipath
I/O (MPIO) support. Most SAN vendors
also provide robust hardware platforms
that include redundant, hot-swappable
components to minimize the potential for
downtime. You might be thinking that you
can already get these capabilities in a server,
but these features all have costs, and adding
them to many servers would make your
expenses skyrocket. In some environments,
such as blade computing, booting from SAN
LUNs makes for great economies of scale.
You invest in making the storage pool highly
available and save on server hardware.

SANs also give you a level of portability
for bootable volumes that's difficult, if not
impossible, to achieve using direct access
storage. Consider the effort it would take
SPECIAL ADVERTISING SUPPLEMENT TO WINDOWS IT PRO

Microsoft Office SharePoint® Server (MOSS)
2007 is proving to be a popular collaboration,
document management, and
dashboarding tool for many organizations.
Many companies that haven't yet deployed MOSS are
considering large-scale production deployments, but they
haven't given much thought to architecture, configuration,
and deployment of a scalable, dependable MOSS environment.
This Essential Guide outlines deployment options for
MOSS 2007 environments of multiple sizes through a better
understanding of the base architectural components of
MOSS. This guide, which can be used by both architects and
implementers tasked with the deployment of a production
MOSS environment, will cover server role placement, server
farm topology, and virtualization options.

An Introduction to MOSS Architecture 

On the surface, MOSS provides end users with a consistent
and streamlined interface, and it's not readily
apparent how the system is architected underneath the
surface. Multiple terms and architectural concepts are required
for a full understanding of how to architect MOSS
logically. While not an exhaustive list, becoming familiar
with the MOSS architectural components described below
can help you properly design and deploy MOSS. The
terms are presented in top-down order, starting with the
broadest architectural elements listed first, and drilling
down to the actual content itself as it's stored in MOSS.

• Farm - The core unit of a MOSS environment, the "farm"
defines a server or group of servers that share common
tasks. An environment can include multiple farms. Common
examples would be a farm dedicated to development,
or a farm in the DMZ of a firewall for security.

• Shared Services Provider - This concept, referred
to simply as an SSP, is loosely defined as a common set
of shared roles that can potentially be used by more
than one server in a farm. An SSP includes Search and
Index settings, "My Sites" personal site functionality,
and Active Directory profile import settings. A farm
can have more than one SSP, although it's common to
only have a single SSP unless there are specific reasons
to separate them.

• Web Application - A Web Application roughly corresponds
to the concept of an Internet Information
Services (IIS) Site. More than one Web Application can
be created in scenarios when the traffic to a MOSS
environment requires a different access method - for
example, when Basic Authentication with an SSL certificate
is enabled on one Web Application but another
one uses Integrated Windows Authentication.

• Site Collection - A Site Collection is the base architectural
unit that a SharePoint end user is aware of. A Site
Collection is effectively composed of multiple SharePoint
web sites, pages, and other content. Out of the
box, it is also the top level for the default navigational
elements built into MOSS. For scalability purposes,
however, you will want to consider deploying multiple
Site Collections for most MOSS environments, to allow
the environment to grow and not run into limits.

• Site - A Site or multiple sites exist within a SharePoint
Site Collection. End users will identify the standard
SharePoint site as being composed of elements such
as document libraries, web part zones, and other content.
Sites are effectively the end user's workspace.

• Document Library or List - A Document Library or List
element is a container within a site where information
is stored. Document Libraries, for example, are used to
store multiple document types, such as Excel Spreadsheets,
Microsoft Word docs, PowerPoint Slide decks, images,
and much more. Robust Document Management
capabilities are built into SharePoint Document Libraries.

• Content (Documents, List Items) - The actual content,
whether it is a document, a picture, or a line of text within
a SharePoint list is the "smallest" unit within SharePoint. It
ultimately is what the end users are working with.

A SharePoint farm is composed of one or more core 
server roles that each provide critical functionality in 
a SharePoint environment. Understanding what these 
roles are and how they work is subsequently critical for 
SharePoint architects and implementers. 

• Database Role - Nearly all content in a SharePoint
environment, with the major exception of the search
index, is stored on a server or servers that hold the
database role. SharePoint supports Microsoft SQL
Server 2000/2005/2008 for SharePoint databases. Every
document in a document library, every component on
a SharePoint page, and all list data is stored in SQL databases,
so this role is subsequently highly critical.

• Web Role - This server role is responsible for rendering
the content stored in SharePoint to the users. It uses
Windows Server's IIS component as the engine for this
functionality. Multiple web role servers can be load balanced
for availability and/or scalability purposes.

• Index Role - The Index role is required for search functionality
to work in MOSS. This type of server actively
uses an indexing engine to crawl content and collect
all of the text embedded in that content and makes
it available for search queries. The Indexing engine in
MOSS is particularly powerful because it allows for the
ability to crawl both SharePoint content and external
content such as file servers, Exchange Public Folders
and web sites and only return search results for content
that the end user has the rights to see. This is referred to
as "security trimmed" search capability.

• Query Role - The Query role is distinct from the Index
role in that it does not actively crawl or index content
but instead is responsible for processing a user's search
queries. In many environments this role shares space on
the Index server, but for full high availability of MOSS it
is necessary to co-locate the Query role on the Web role
servers, or to deploy dedicated Query role servers. Keep
in mind that any Query role machines must have available
disk space to store a copy of the index, as it will be
automatically propagated to them.

• Application Roles - The roles of Excel Services and
InfoPath Forms Services are often collectively referred
to as Application Roles. They can reside on their own
server(s) in certain environments where they are heavily
utilized.

Depending on the needs of the organization, a SharePoint
farm can vary in size from a single 'all in one' server
deployment to large, distributed farms with multiple
servers. Deciding on deployment strategy and server role
placement is an important next step in the design process.




Deploying a Small MOSS Farm 

A huge advantage with MOSS is the fact that it can readily
scale from the smallest organization to the largest
global farm with relative ease. What this means is that if
your SharePoint project starts small, it can be expanded
as needed at a later date.

Subsequently, a large number of MOSS farms that have 
been deployed have been deployed, at least initially, 
as small farms. Many of these environments deploy all 
MOSS Server roles on a single box, because a single server 
environment can handle a fairly large load of user activity 
without the need to separate onto multiple servers. 

A few key points that should be noted for small MOSS 
Farms include the following: 

• Installing MOSS with the "stand-alone" option is not recommended
because it will deploy a very limited version of
SQL Server onto the server. For a production environment,
it is much better to deploy a full version of SQL Server and
then install the MOSS components on the same box.

• The best way to improve performance in a small farm
environment is by separating the SQL Database role
onto a different box than the MOSS roles. This could
conceivably be accomplished by installing the SharePoint
databases onto a SQL Server that is used for other
activities, assuming there is available processor and
memory on that shared SQL box.

• With any size farm, you should deploy Windows Server 
2008 because it is fully supported, has the best security 
model of any Windows Server OS to date, and can 
dramatically reduce traffic between client and server by 
taking advantage of IIS 7's dynamic data compression. 

• Even the smallest MOSS farms can take advantage of 
virtualization options for MOSS, which are outlined in 
more detail in later sections of this guide. 

A common and road tested server configuration for 
small MOSS farms consists of the following: 



Deploying a Mid-Sized MOSS Farm 

Larger SharePoint environments, growing SharePoint
farms, and organizations for which SharePoint is mission
critical often look to models that provide for high availability
and that provide for better performance for their end
users. These mid-sized MOSS farms have several features in
common, such as the following:

• The SQL Database role should be housed on a dedicated
server, and is oftentimes clustered to provide for
better availability of the SQL content.

• SharePoint roles are divided onto separate SharePoint servers.
For example, one common deployment model involves
the deployment of two SharePoint servers that hold the Web
and Query role, a dedicated Index server, and a dedicated
SQL cluster. This five-server model is the smallest SharePoint
environment that is fully redundant, because the loss of any
one component would not affect immediate functionality.

• From the beginning, it is critical to divide content into
multiple Site Collections and house those Site Collections
in multiple content databases. This will allow your
environment to be much more flexible as it grows.
One common strategy for this is to create a new Site
Collection for each business unit in an organization and
house that Site Collection in its own Content Database.
That way, as the business grows and SharePoint use
increases, the databases remain manageable.

• Mid-sized MOSS farms are especially positioned to be able to
take advantage of virtualization options. For example, one
virtualization strategy involves only two physical servers, but
it allows for a fully redundant five-server SharePoint virtual
farm to be provisioned. Refer to the upcoming section of this
document on virtualization for more information.

A common and road tested server configuration for
mid-sized MOSS farms consists of the following:



Scaling MOSS to the Enterprise 

As previously mentioned, MOSS scales quite well and can
be expanded from serving hundreds of users to serving
hundreds of thousands of users. The key to MOSS's flexibility
is its ability to scale both up and out. Scaling up is
accomplished by separating server roles onto dedicated
servers - for example, the performance increases that can
be obtained by separating the Query role onto dedicated
servers. Scaling out is also possible by means of adding additional
server roles to an environment - for example, by
adding multiple Web Roles machines to a load balanced
pool to allow for more user requests to be processed.

In addition, large MOSS farms often take advantage of using
multiple SQL servers to store content databases. Indeed,
it's relatively straightforward to move content databases to
multiple SQL servers if a single server is becoming over- 



























Executive summary 

HP Japan built the technical information
sharing portal site "Collabo" for
its engineers to offer to customers
high-quality, value-added business
technology services. Taking advantage
of typical Web 2.0 technologies - such as
wikis and blogs - the portal site allows
HP engineers to distribute and store
technical information, share documents
and provide social networking services
to encourage cross-organizational
information exchanges, thus accelerating
online collaboration. HP Japan built
the site on Microsoft® Office SharePoint®
Server 2007 and HP BladeSystem c-Class
server blades.

Enabling an information-sharing environment

HP Japan launched a Young Leader
Development Program (YLDP) to groom
its next generation of leaders. One of the
main topics emerging from YLDP was
the challenge of improving technical
information sharing among engineers.
Although HP Japan had a number of
portal sites, many young engineers
claimed it was hard to access the information:

• Useful information existed in the company,
but was difficult to find because
departments and staffers each stored
technical information separately.

• Horizontal searches across organizational
borders were challenging,
mostly because portal sites were built
indiscriminately.

• Information was obsolete or not the
right content.

• Updating the information was not easy
for users because the administrator
had exclusive updating permission.

• There was no place to exchange information
casually.

Based on her experiences as a member
of YLDP, Technical Information Sharing
Task Force Project Manager Yumiko
Yagi (now a Solution Architect for the
Strategic Business Group) comments,
"Technical information was accumulated
by organizations, such as the system
building department, support department
and others. You needed to find
someone who knew how to access and
use this information. HP Japan has
some 3,000 engineers. We realized
that we needed to centralize all of this
technical information accumulated by
each engineer separately within each
department; then, there would be
more useful information sharing enterprise
wide."

Yagi's appeal eventually reached and
motivated HP's Japanese management,
including Hisayuki Ishizumi, Director,
Vice President and Executive Officer of
HP Japan. As an advocate of the YLDP,
Ishizumi approved the new project, and
the Technical Information Sharing Task
Force launched with the aim of building
the portal site, called Collabo. "HP
engineers have superior technological
competencies," Ishizumi says. "However
this expertise was contained within the
organizations they belonged to and
closed to their peers. We deployed Collabo
to encourage our people to share
information - throughout the lifecycle of
system proposal, building, maintenance,
operation, etc. - enabling us to offer
higher-quality services."

Embracing social networking 
services and Web 2.0 
technologies 

The Technical Information Sharing Task
Force recruited members from various
departments, regardless of their role in
the organization. The project members
established the heart of the Collabo portal
site by implementing leading Web
2.0 technologies and social networking
services (SNS).

Hiroyuki Inaba, who joined the Task
Force as a dedicated technical engineer,
explains: "Typical portal sites have one
or two people in charge of administration
who update the information. We
thought that our site should have an
open, flexible structure so that anyone
could revise any part of it at any
time. We also wanted to facilitate the
posting. Consequently, we considered
wikis, blogs and other structures that
encourage user participation - as well
as bulletin board systems and online
communities."

Wikis allow anyone from anywhere
on the network to update the information
easily. Blogs make users feel
comfortable in posting their ideas and
opinions, which in turn, encourages
readers to respond. These qualities can
stimulate discussions. Consequently,
useful technical information accumulates
naturally.

The Task Force activated cross-organizational
information exchange
and consolidation of the visualized
technical information via SNS. Says
Yagi, "As the community-based website
services that encourage and support
person-to-person relationships, SNS can
enable the engineers to communicate
smoothly and to build new relationships
with those who hardly met under the
previous environment."

Support for Collabo 

As the Task Force looked for the most
suitable solution, Microsoft Office SharePoint
Server 2007 caught their attention.
"It covers all the functions we wanted,
including advanced search functions
and high availability," Inaba says. "It has
high affinity with our standard client
environment, operating system [Microsoft
Windows® XP] and Microsoft Office
tools [Microsoft Office Word, Excel and
PowerPoint]. We also had to consider
linking with Microsoft Active Directory
and Microsoft Exchange Server. In addition
to that, an older version of Microsoft
Windows SharePoint Services had become
widespread among our engineers.
They had been using the product, which
was a major reason for our choice, too."

Their choice for the hardware
platform: HP BladeSystem c-Class
server blades and shared storage via
an HP StorageWorks Enterprise Virtual
Array-based storage area network (SAN).






"We needed a system to achieve high
manageability. HP BladeSystem c-Class
was very attractive for this reason. The
hardware contains the server, network
switches, SAN switches and all of the
components in one enclosure, which
minimizes cabling tasks. The machine
meets other requirements of running
management and/or administration
tools, such as HP Onboard Administrator
and Insight Control," says Inaba.

Encourage engineers to 
post their information 

The center pillar of the portal is the
Technical Community website inspired
by SNS-style operations and designed
to involve volunteers in many different
activities. This makes the portal
serve as an open space to encourage
engineers to post their information.
Taking advantage of wikis and blogs,
the website enables the participating
engineers to improve technical
information accuracy by exchanging
information. In addition, the website
allows informants to tag their documents
for referral by category, rather
than pegging them to a specific technical
community.

Collabo launched 15 technical
communities when it began operating.
Nevertheless, these were not
always sufficient to cover all information
sharing needs of the engineers.
When engineers hesitate to post to the
bulletin board system, Collabo provides
a different structure apart from
technical communities to allow them
to set up their personal website. Those
who publicize their information on a
personal website enjoy many benefits,
including making themselves known
with a profile, building a network with
fellow workers and adding wikis and/or
blogs to initiate discussions and
issue questions. Additionally, based
on the policy of keeping in touch with
existing systems, Collabo can accumulate
mail messages from existing
mailing lists and include them in the
search results.


Next target: starting point 
for engineers 

Reportedly 1,500 in-house engineers
are using Collabo every month.
However, the biggest challenge as an
information sharing infrastructure is to
involve more engineers. Therefore, HP
Japan seeks to achieve 2,000 unique
user accesses per day. To do so, Collabo
steers away from detailed rules
and regulations regarding the level of
information for posting.

One future task is to let individual
engineers realize the benefits of Collabo
through its large volume of accumulated
information and/or personalized
communications. "Imagine that
you are an engineer who is required
to find certain information about a
certain technology for your project.
How would you feel if you know that
this is the portal to find such information,
and it can benefit your practices?
Such success will lead to synergy in
the technical communities and personal
websites, increasing Collabo as
a whole. So we are aiming to establish
the portal as the engineers' must-see
website at the beginning of their day,"
says Yagi.

Objective

Promote technical information sharing across organizations, enable quick access to technical information, and encourage engineers to exchange information through the technical community website

Approach

Adopt Microsoft Office SharePoint Server 2007 as the application infrastructure and take advantage of Web 2.0 technologies and social networking services

Two of Collabo's early achievements:

• An engineer from a system building organization was tuning parameters. The engineer initiated a discussion. He received opinions from system building personnel and also maintenance perspectives. As a result, the engineer found more evidence regarding potential performance impacts.

• Another engineer was reviewing the service level agreement (SLA) of a certain business system to provide the customer a proposal. A support-service engineer provided feedback about his experience implementing the system in his department. This communication resulted in a value-added proposal for the customer.

Business technology improvements:

• High availability and easy scalability with HP BladeSystem c-Class

• Reduced administration workload using HP Onboard Administrator and Insight Control

Business results

• Allows information sharing among engineers, regardless of the boundaries between the organizations

• Enables HP Japan to offer its customers high-quality, value-added IT services

• Positions HP Japan with experience and competence to build and operate other information sharing environments through HP and Microsoft Solutions for the People Ready Business





whelmed. As mentioned earlier, it is critical to spread your data 
across multiple site collections and multiple content databases 
early on, however, to make this type of scalability a reality. 

Large farms are composed of robust and capable servers, 
such as the following configuration: 



Virtualization of MOSS 

Server virtualization technologies have come a long way in 
recent years. Advances in the field have given server archi¬ 
tects greater flexibility in deployment of technologies such 
as MOSS because virtual servers are more easily provisioned, 
quickly backed up, portable between hosts, and make better 
use of their host's hardware. 

MOSS in particular can take advantage of virtualization tech¬ 
nologies. For example, deployment of MOSS within a Windows 
Server 2008 Hyper-V virtualization platform can allow for a highly 
available MOSS environment to be constructed on only two 
physical servers (see Figure 1). Because the SQL cluster and Web/ 
Query servers are spread across the two virtual hosts in this ex¬ 
ample, the loss of a single server would not take down the farm. 


[Figure 1 diagram labels: Production Farm; SQL Cluster Node #1; Index Server; Web/Query Server; SQL Cluster Node #2; Web/Query Server; Test/Dev Farm]


There are a few key points to keep in mind when using 
virtualization for MOSS: 

• The best candidate for virtualization is the Web role, fol¬ 
lowed closely by the Query role. 

• SQL Servers that are heavily utilized may not be the best 
candidates for virtualization, because their heavy I/O load 
can cause some contention and they may require a large 
amount of the resources from the host, which reduces the 
efficacy of the setup. 

• Index servers that are also very heavily used may also not 
be the best candidates, because they typically require many 
more resources than a Web or Query role server. Small and 
mid-sized environments may be able to virtualize this role 
without issues, however. 

• Be cautious about allocating more memory to an individual 
virtual session than exists in a single Non-Uniform Memory 
Access (NUMA) boundary specified by your hardware. To 
determine the size of a NUMA boundary, the general rule of 
thumb is to divide the amount of memory by the number 
of processor cores on a server (e.g., 32GB of RAM and dual
quad-core processors = 32/8 = 4GB NUMA boundary).
Server processing speed tends to deteriorate if the virtual 
session crosses a NUMA boundary. 

Conclusion 

MOSS is a powerful and valuable tool that, when properly
architected and deployed, can provide immediate value to an
organization. The flexibility and scalability inherent in its core
components allow SharePoint architects to deploy a SharePoint
environment that matches the size of the organization
and scales outward as needed. Using this guide can help you
understand these concepts and determine the best hardware
options available for MOSS deployments of any size.

Links to HP Whitepapers 

SharePoint content on HP ActiveAnswers:
http://www.hp.com/solutions/activeanswers/sharepoint including:

• Best practices for deploying Microsoft Office SharePoint 
Server 2007 with Hyper-V on HP ProLiant servers 

• Microsoft Office SharePoint Server 2007 with Windows 
2008 and SQL Server 2008 on HP servers and storage 
technologies 

• Best practices for deploying Microsoft Office SharePoint 
Server on HP storage technologies 

• Best practices for deploying Microsoft Search Server 2008 
solutions on HP servers and storage technologies 

More information: http://www.hp.com/ao/sharepoint 


Michael Noel is an internationally recognized technology expert, 
bestselling author, and well known public speaker on a broad range 
of IT topics. He has authored several major best-selling industry books 
that have been translated into over a dozen languages. Significant 
titles include SharePoint 2007 Unleashed, Teach Yourself SharePoint 
2007 in 10 Minutes, Windows Server 2008 Unleashed, ISA Server 2006 
Unleashed, Exchange Server 2007 Unleashed, and many more. Cur¬ 
rently a partner at Convergent Computing (www.cco.com) in the San 
Francisco Bay Area, Michael's writings and extensive public speaking 
experience across six continents leverage his real-world expertise help¬ 
ing organizations realize business value from Information Technology 
infrastructure. 


Figure 1: An example of deploying MOSS within a Windows 
Server 2008 Hyper-V virtualization platform 
SOLUTIONS PLUS


to transfer a hardware RAID system from 
one server to another in the event of a 
server motherboard failure. You can improve 
efficiency tremendously by using a SAN's 
snapshot technology to replicate a bootable 
server image created with Sysprep to several 
LUNs that support multiple-server-boot from 
iSCSI implementations. Additionally, SANs 
can support shared-boot scenarios, in which 
multiple systems use a single OS image, but 
that's a topic for another article. 


Of course, you should always consider 
a balance between the pros and cons of 
different storage architectures, and you 
must evaluate and mitigate the risks that 
come with putting all your eggs in one bas¬ 
ket. If you make the move to boot a num¬ 
ber of critical servers from a storage pool, 
it's your duty to ensure that an appropriate 
level of redundancy is built into the design 
of that pool and its supporting network 
infrastructure. 


Choose a Solution 

As with Fibre Channel SANs, you can use 
dedicated iSCSI host bus adapters (HBAs) to 
boot from an iSCSI SAN. This option is via¬ 
ble but relatively expensive. Although they 
use more CPU power, two other, lower cost, 
options are available that deliver compa¬ 
rable power, performance, and simplicity of 
configuration to HBAs. iSCSI boot-enabled 
NICs and software-based iSCSI boot solu¬ 
tions are both ready for prime time. I'll 


Software-Based iSCSI Booting 

Even if your system BIOS doesn't support booting from iSCSI, you can use software-based tools to enable iSCSI boot for servers with a
Preboot Execution Environment (PXE)-compliant NIC. Double-Take Software (www.doubletake.com) makes iSCSI boot tools for clients and servers that
offer a few advanced features not found in native hardware iSCSI boot solutions. I'm not aware of any other vendors that provide similar software. I
got a copy of winBoot/i (which Double-Take Software has since renamed netBoot/i) 2.5 to see how easy it was to use and how well it would perform.
Cost for the software is $995 for the server console, $395 for the server agent, and $95 for the desktop agent.

To demonstrate that booting from an iSCSI target without specialized hardware doesn't require the latest and greatest hardware, I decided to try 
booting from iSCSI on my old test bed of systems, including a white box Windows 2000 Server system functioning as a domain controller, DNS server, 
and DHCP server. A server running Windows Server 2003 would be the iSCSI boot host. 

You need three general components for a functional winBoot/i environment: the winBoot/i Manager, winBoot/i Client, and the iSCSI storage 
environment. winBoot/i Manager runs on Server 2008, Windows 2003, Windows XP, Win2K Professional, and Win2K Server. You must have a DHCP 
server, which can be installed on the same system as winBoot/i Manager or another system. Supported winBoot/i Client OSs include Windows 2003 
(32- and 64-bit, Standard or Enterprise) R2 and Windows Storage Server with SP2. 

I followed the Setup and Basic Procedures section of the winBoot/i Getting Started Guide to install and configure the product. The first step, according
to the guide, is to provision the boot volume on the SAN. I opened the Dell EqualLogic Group Manager applet and created a 40GB volume for this
purpose. Next, I installed winBoot/i Server on the system that hosts my DHCP server. Installing winBoot/i on an existing Windows DHCP server lets 
the installation perform necessary DHCP configurations to support winBoot/i. Alternatively, winBoot/i includes a DHCP proxy utility to support other 
installation scenarios. The installation routine installed both winBoot/i Server and the PXE bootstrap files. After the installation finished, I launched 
the Microsoft Management Console-based winBoot/i Manager Console, entered my license information, and clicked the Services icon to verify the 
winBoot/i, Trivial FTP, and PXE services were all running on my winBoot/i server. While still in the console, I created a new client and specified the 
parameters required for mapping the client to the appropriate iSCSI target when it boots from PXE. 

I then performed the winBoot/i Client installation on my server running Windows 2003 R2. The installation routine first installed the hotfix described
at support.microsoft.com/?kbid=939875, followed by the Microsoft iSCSI Software
Initiator and the winBoot/i Client. Per the instructions, after the installation I opened
the iSCSI Initiator and logged on to the iSCSI target that I created to house the boot 
volume. The next step was to launch the winBoot/i SystemCopy utility, shown in 
Figure A, to copy my existing local installation to the iSCSI volume. SystemCopy is 
an easy-to-use utility that lets you copy a disk or volume to the iSCSI target using 
Microsoft Volume Shadow Copy Service. If you choose the volume copy option, 
you must first partition and format the target iSCSI volume. I selected the disk copy 
option, which replicated my local disk to the iSCSI volume. 

I removed the disk I had been using as a boot drive from the server and 
configured it to boot using PXE on its first NIC. The boot process was simple 
and fast. It took less than an hour to get from square one to having my client 
boot from an iSCSI volume. 

In my experience, the winBoot/i software-based method for employing boot 
from iSCSI was easier to implement than hardware solutions, and it has at least one notable advantage over hardware NIC solutions; winBoot/i supports 
booting Microsoft Hyper-V guest virtual machines (VMs) from iSCSI storage that isn't directly exposed to the Hyper-V host. VMs can be booted from 
iSCSI storage exposed by the software initiator within the guest VM. 
Figure A: The winBoot/i SystemCopy utility UI
BOOT FROM ISCSI


discuss configuring a hardware iSCSI boot 
in this article. 

Before we dig in, there are a few require¬ 
ments to discuss, none of which should pose 
a problem for organizations that deploy and 
maintain relatively up-to-date technology. 
For acceptable performance, you need to 
use Gigabit Ethernet for your iSCSI connec¬ 
tions. Your servers should have a PCI Express 
slot to accommodate the iSCSI boot-capable 
NIC—some PCI Extended (PCI-X) NICs 
can be found, but PCI Express is newer 
and arguably better and vendors won't be 
making new PCI-X cards. The system BIOS 
on your server must support booting from 
an iSCSI SAN. The final requirement for
both scenarios is the Microsoft iSCSI Software
Initiator 2.0.4 or later iSCSI boot initiator,
available as a free download from
www.microsoft.com/downloads/details.aspx?familyid=12cb3c1a-15d0-4585-b385-befd1319f825.

If these hardware requirements are too 
high, you can still pursue software-enabled 
iSCSI booting. In this case, your server can 
use just about any NIC that supports the 
Preboot Execution Environment (PXE) 2.x 
boot standard, and your system BIOS must 
support PXE booting. For more information 
about using a software-based iSCSI boot 
solution, see the sidebar "Software-Based 
iSCSI Booting," page 33. 

IBM, Intel, and Broadcom manufac¬ 
ture NICs that support booting from iSCSI 
LUNs. Most iSCSI boot-enabled NICs are
PCI Express devices, but the technology
has also made its way into LAN-on-motherboard
implementations from leading server
manufacturers. I received a couple of demo 
NICs, then proceeded to see how easily I 
could put together a hardware boot-from- 
iSCSI installation. 

The steps to configure booting from 
iSCSI are relatively simple, but you must 
be precise to ensure a reliable and stable 
implementation. You need to configure a 
LUN on the iSCSI array that will be your 
boot drive, configure the NIC to boot from it, 
and either prepare a fresh Windows installa¬ 
tion or migrate an existing one to the iSCSI 
LUN. Most of the time you spend on these 
tasks will be on OS preparation, but as with 
traditional OS deployments, you can use 
imaging technology and Sysprep to simplify 
subsequent deployments. 


STEP 1: Provision a SAN Volume for iSCSI Boot

There's nothing extraordinary about provi¬ 
sioning a SAN volume for boot from iSCSI; 
you just need to allocate adequate space 
and configure appropriate access via host 
IP address, Challenge Handshake Authen¬ 
tication Protocol, or iSCSI initiator name. 
You'll want to make note of the full target 
iSCSI Qualified Name (IQN) and, if used 
to limit access, the initiator IQN, as you'll 
need them during boot BIOS configuration 
(target aliases aren't supported for booting 
from iSCSI). I used the Dell EqualLogic 
Group Manager applet, shown in Figure 1, 
to create a target to serve as my boot volume 
and configured it to restrict access to my 
initiator IQN. The Dell applet is the one that 
came with my SAN array; you should have 
an equivalent applet for your array. 

STEP 2: Configure Your NICs 

iSCSI boot-capable NICs use a firmware 
BIOS that allows them to be configured to 
establish a preboot connection to an iSCSI 
LUN. These NICs typically come from the 
factory with PXE boot firmware loaded. To 
enable the iSCSI boot BIOS, you must flash 
the firmware on the NIC, replacing the PXE 
boot code with the iSCSI boot version. I 
accomplished this easily in my tests by sim¬ 
ply creating a boot diskette containing the 
firmware image software. The steps might 
vary depending on your NIC, so visit your 


iSCSI boot-enabled NIC’s vendor's site for 
complete instructions. 

STEP 3: Input iSCSI Parameters 

After flashing the firmware, you have two 
choices. One option is to configure the boot 
BIOS with the iSCSI initiator and target 
parameters for your environment. If you have 
multiple boot-from-iSCSI-enabled NICs or 
a multiport NIC, you'll need to specify and 
enable the primary port for booting from 
iSCSI. For the initiator, you must specify the 
IP address, subnet, and gateway. For the tar¬ 
get, you must enter the IQN, IP address, sub¬ 
net, gateway, target port, and LUN number. 

You can also use DHCP to provide con¬ 
figuration information to the NIC's boot 
BIOS by setting up a reservation for each 
host with unique option parameters. (For 
the specifics of how to set up DHCP for 
booting from iSCSI, see the Microsoft article
"How to install and configure the DHCP
service for iSCSI Network Boot configuration
in Windows Server 2003" at
support.microsoft.com/?kbid=928496.) Whether
you use DHCP or enter the information into 
the boot BIOS, you must enter the data in 
one place or the other. 

After completing these steps, you should 
be able to reboot your server and see the 
NIC's boot BIOS connect to the target you 
specified. Getting to this point took me 30 or 
40 minutes, including time spent manually 
configuring initiator and target parameters 



Figure 1: Dell EqualLogic Group Manager applet 
WINDOWS IT PRO RESOURCES

Learn more about iSCSI SANs:

"iSCSI SANs for SMBs," InstantDoc ID 97607
"iSCSI Storage Arrays," InstantDoc ID 49404
"Using iSCSI for Network Storage Solutions," InstantDoc ID 45936
"Make the Most of Your SAN with iSCSI," InstantDoc ID 96520
"How to Use the Microsoft iSCSI Initiator Command-Line Interface," http://www.ittv.net/VideoPlayer/tabid/57/VideoId/298/Using-The-Microsoft-ISCSI-Initiator-CLI.aspx


from a command-line utility. I later learned 
that the NIC's BIOS, accessible via a hotkey 
during power-on self-test, includes a form 
that makes entering this data much easier. 
Also, I initially struggled with the boot BIOS 
not being able to establish TCP connectivity 
with the storage array. After some investiga¬ 
tion, I enabled the "port fast" setting on the 
switch port to which the server was con¬ 
nected, and that resolved the problem. 
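
A pre-flight check for the values gathered in STEP 1 and entered in STEP 3, added here as an illustration (it is not from the article or from any vendor tool): it confirms that the target name is a full IQN rather than an alias and that the initiator can reach the target with the subnet and gateway given. The dictionary keys, addresses, and IQNs are constructed for the example, and IPv4 is assumed.

```python
import ipaddress
import re

# RFC 3720 "iqn." form: iqn.<yyyy-mm>.<reversed domain>[:<unique string>]
IQN_RE = re.compile(
    r"^iqn\.\d{4}-(0[1-9]|1[0-2])"           # year-month the naming authority held the domain
    r"(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)+"     # reversed domain labels
    r"(:\S+)?$"                               # optional unique string after ':'
)
MAX_NAME_BYTES = 223        # iSCSI name length limit (RFC 3720)
DEFAULT_ISCSI_PORT = 3260   # registered iSCSI target port


def check_iqn(name, role):
    """Return a list of problems with one iSCSI name (empty list = looks valid)."""
    problems = []
    if not IQN_RE.match(name):
        problems.append(
            f"{role} name {name!r} is not a full IQN; an alias will not work for boot"
        )
    if len(name.encode("utf-8")) > MAX_NAME_BYTES:
        problems.append(f"{role} name is longer than {MAX_NAME_BYTES} bytes")
    return problems


def check_boot_params(cfg):
    """Validate the initiator and target parameters for the NIC boot BIOS."""
    problems = check_iqn(cfg["target_iqn"], "target")
    if cfg.get("initiator_iqn"):  # only relevant when the volume ACL is keyed on it
        problems += check_iqn(cfg["initiator_iqn"], "initiator")

    try:
        nic = ipaddress.ip_interface(f"{cfg['initiator_ip']}/{cfg['subnet_mask']}")
        target = ipaddress.ip_address(cfg["target_ip"])
        gateway = ipaddress.ip_address(cfg["gateway"]) if cfg.get("gateway") else None
    except ValueError as exc:
        return problems + [f"bad IP address or subnet mask: {exc}"]

    net = nic.network
    if target == nic.ip:
        problems.append("target IP is the same as the initiator IP")
    elif target not in net:
        # A routed target needs a gateway the initiator can actually reach.
        if gateway is None:
            problems.append(f"target {target} is outside {net} and no gateway is set")
        elif gateway not in net:
            problems.append(f"gateway {gateway} is not on the initiator subnet {net}")

    port = cfg.get("target_port", DEFAULT_ISCSI_PORT)
    if not isinstance(port, int) or not 1 <= port <= 65535:
        problems.append(f"target port {port!r} is not in 1-65535")

    lun = cfg.get("lun", 0)
    if not isinstance(lun, int) or lun < 0:
        problems.append(f"LUN {lun!r} is not a non-negative integer")
    return problems


# Constructed sample: routed target, gateway on the initiator subnet.
GOOD = {
    "initiator_ip": "192.168.10.21", "subnet_mask": "255.255.255.0",
    "gateway": "192.168.10.1",
    "initiator_iqn": "iqn.2009-03.test.example:bootsrv01",
    "target_iqn": "iqn.2009-03.test.example:bootvol01",
    "target_ip": "192.168.20.50", "target_port": 3260, "lun": 0,
}
# Constructed sample: alias instead of IQN, routed target with no gateway, port 0.
BAD = {
    "initiator_ip": "192.168.10.21", "subnet_mask": "255.255.255.0",
    "target_iqn": "BootVolume01",
    "target_ip": "192.168.20.50", "target_port": 0, "lun": 0,
}

if __name__ == "__main__":
    for label, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        found = check_boot_params(cfg)
        print(label, "OK" if not found else "")
        for line in found:
            print("  -", line)
```
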

STEP 4: Configure Your OS 

Once connectivity between the NIC and 
LUN is established, you can configure your 
OS. You again have two choices for getting 
your OS on the new iSCSI target: Migrate an 
existing Windows installation, or perform a 
clean OS installation. 

Migration requires a temporary or per¬ 
manent local disk on the server. Install the 
OS on the local disk, then configure the OS 
to boot from iSCSI. Next, use the Sysprep 
tool to prepare the OS, then image the OS 
and copy it to the iSCSI LUN. 

When performing a fresh install of Win¬ 
dows Server 2003 or Windows Server 2008, 
press F6 during the first part of setup to 
copy the NIC drivers you need to establish 
a connection to the LUN. The installation 
will then proceed as if the iSCSI LUN were a 
local drive. 

The OS configuration steps are practi¬ 
cally the same whether you're creating a 
new installation or migrating an old one. 
Other than where the installation takes 
place, the primary difference is how NIC 
drivers are installed in the OS. You should 
consult your NIC vendor's instructions for 


the proper driver installation method and 
sequence for each scenario. It's important 
that you configure the NICs to use DHCP 
within Windows so that their IP address is 
automatically assigned when the adapter's 
boot BIOS detects the iSCSI LUN. 

There are a few configuration tasks that 
are critical to successfully booting from an 
iSCSI target, whether you specify settings in 
the NIC BIOS or via DHCP. First, you need to 
install the Microsoft iSCSI Software Initiator 
with integrated software boot support. This 
installation isn't difficult, but you need to 
know which NIC port the boot BIOS will 
use and whether you'll be using MPIO. Dur¬ 
ing installation, check the Configure iSCSI 
Network Boot Support option 
and select the NIC port or 
ports to enable for boot from 
iSCSI, as shown in Figure 
2. Also within the installa¬ 
tion wizard, specify whether 
you're using MPIO. Although 
you just installed the iSCSI 
initiator, you shouldn't log 
on to the target LUN. The ini¬ 
tiator will communicate with 
the boot BIOS to establish 
and maintain the connection 
to the target. (To see this process
in action, see "How to
Use the Microsoft iSCSI Initiator
Command-Line Interface,"
www.ittv.net/VideoPlayer/tabid/57/VideoId/298/Using-The-Microsoft-ISCSI-Initiator-CLI.aspx)

After installing the initiator, there are a 
couple of configuration tasks left. Configure 
the pagefile in the Advanced tab under Sys¬ 
tem Properties. Make sure the pagefile uses 
a local disk unless the server won't have a 
local hard drive, in which case you need to 
turn off the OS's virtual memory capability. 
If you're running Windows 2003, install
the hotfix described at support.microsoft.com/?kbid=939875,
which corrects a problem with crash dumps on iSCSI boot volumes.
Finally, add a shutdown script to
protect the iSCSI boot sequence configuration
from damage related to updates to
the network stack. Run the Iscsibcg utility
included with the Microsoft iSCSI Software
Initiator and use the options to fix and
verify each time the server shuts down.
(For more details about adding the script,
see the Microsoft article "How to enable the
iSCSI boot sequence on a network adapter
after you install the Microsoft iSCSI Boot
Software Initiator" at support.microsoft.com/?kbid=934235.)

That's it for OS configuration. Now you're
ready to either boot from your iSCSI LUN-based
installation or use Sysprep to create
an image of your temporary installation 
and move it to the iSCSI LUN. When you're 
ready to boot from the iSCSI LUN, modify 
the boot order or enabled boot devices in 
your system BIOS; this is where the require¬ 
ment for system BIOS support for booting 
from iSCSI comes in. If you have an older 
system that was produced before this type 


of support was mainstream, you can still 
boot from iSCSI targets with the help of 
some crafty software tools; see the sidebar 
"Software-based iSCSI Booting" on page 33 
for more information. 

Options Abound 

Regardless of which options you use, there 
are some distinct advantages to using your 
SAN for boot volumes. Using hardware to 
boot from iSCSI is easier to support, cleaner, 
and has fewer "moving parts" than a soft¬ 
ware solution. Then again, there's no reason 
you can't use both, if your needs dictate.

InstantDoc ID 101410 


Ed Roth 

(eroth@windowsitpro.com) is a 
network manager for a govern¬ 
ment institution and a contribut¬ 
ing editor and product reviewer 
for Windows IT Pro. 



Figure 2: Selecting the NIC port(s) to enable for iSCSI boot 
Hyper-V offers better performance than Microsoft's previous virtualization products

by Brien Posey


For a long time I chose not to use virtualization technology
in my Microsoft Exchange Server environment because 
I didn't want to add an extra layer of abstraction to the 
mix. Plus, I knew that my servers would perform better 
on dedicated hardware. 

Over the past couple of years, though, virtualization 
technology has improved tremendously. Thanks to Microsoft Hyper-V,
virtual machines can directly access most of a server's hardware
rather than having to channel requests through the host OS as was 
previously required. Because Hyper-V offers better performance 
than Microsoft's previous virtualization products, I have virtualized 
my own Exchange servers and have assisted some of my clients in 
doing the same. 

Should You Virtualize? 

Microsoft supports virtualization in Exchange Server 2007 and 
Exchange Server 2003 but not earlier versions. Virtualization is mainly 
used in production environments to make better use of existing hard¬ 
ware. For example, DNS, DHCP, and file servers use very little of the 
available memory and CPU resources. By virtualizing these types of 
servers, you can use a single physical machine to host multiple virtual 
machines. In doing so, the hardware is being better utilized and fewer 
resources go to waste. 

Virtualization typically isn't well suited for servers that use a lot 
of CPU or disk resources. Unfortunately, in many cases, Exchange 
falls into this category. If you're thinking about virtualizing an exist¬ 
ing Exchange server, it's important that you do some performance 
benchmarking to find out how much of the server's resources are 
being consumed during peak periods of activity. 

Virtualization adds an extra layer of abstraction to the process. As 
a result, virtual servers take a performance hit. I can't tell you exactly 
how much of a performance hit to expect because it depends on a 
number of factors, such as the virtualization product being used, the 
available hardware resources, the load that other virtual servers are 
placing on the hardware, and how efficiently the guest and host OSs 
are configured. 




Which Virtualization Software Should You Use? 

You can use Hyper-V or third-party software to virtualize Exchange 
2007. For Exchange 2003, you can use Microsoft Virtual Server 2005 
R2 or third-party software. Although Microsoft doesn't officially 
support using Hyper-V with Exchange 2003, I've found that it works 
really well. 

Although Microsoft typically discourages customers from using 
third-party virtualization software, they support doing so in some 
cases. VMware's ESX Server is one such case. For more information 
about running Exchange on third-party virtualization products, read 
"Support policy for Microsoft software running in non-Microsoft hard¬ 
ware virtualization software" (support.microsoft.com/kb/897615). 

I recommend that you host your virtual Exchange 2007 servers on
Hyper-V. I also recommend that you use Hyper-V for your Exchange
2003 servers for two main reasons:

• The virtualization process in Hyper-V isn't nearly as dependent 
on the host OS as the virtualization process in Virtual Server 2005. 
Hyper-V supports hardware-level virtualization, which means 
virtual machines are allowed to communicate directly with the 
server's hardware instead of hardware calls having to be passed 
through the host OS. The end result is that virtual machines per¬ 
form almost as well as physical machines. 

• When you use Virtual Server 2005, the virtual machines can use 
only one processor. If your Exchange server is currently running 
on a multi-CPU or multi-core server, you might see the server's 
performance diminish considerably once you move to a virtual 
environment. This constraint has been removed in Hyper-V. You
can assign multiple virtual CPUs to a virtual server. You can even 
manually assign virtual CPUs to an Exchange server and any 
other virtual servers on the machine to avoid situations in which 
a virtual server doesn't receive sufficient CPU resources because 
another virtual server is hogging the CPU. 

Note that an Exchange server must have x64 processors that support
hardware-level virtualization to use Hyper-V. Intel and AMD offer
processors with this support. In Intel processors, the support is called
Intel Virtualization Technology (Intel VT—www.intel.com/technology/virtualization).
In AMD processors, the support is called
AMD Virtualization (AMD-V—www.amd.com/us-en/0,,3715_15781_15785,00.html).

Microsoft offers two Hyper-V products:
Windows Server 2008 Hyper-V, which is a
role in Windows Server 2008, and Microsoft
Hyper-V Server 2008, which is a standalone
server-virtualization product that you can
download from the Microsoft website
(www.microsoft.com/servers/hyper-v-server/how-to-get.mspx)
for free. Hyper-V Server 2008
doesn't include the Server 2008 OS or Server
Core. (For more information about the differences
between these two products, see
"What You Need to Know About Microsoft
Hyper-V Server 2008," January 2009, InstantDoc
ID 100520.) You can use either Hyper-V
product when virtualizing Exchange.

Items to Consider 

Once you've decided to virtualize your
Exchange organization using Hyper-V, you
need to think through the implementation.
Here are some items to consider: 

Dedicated network cards. A server's
hardware can become a performance bottleneck.
One hardware component that is prone
to becoming a bottleneck is the network card.
Fortunately, Hyper-V lets you configure each 
virtual machine to use a dedicated network 
card. 

I recommend using a dedicated network 
card because you're still going to have to 
perform nightly backups of mailbox serv¬ 
ers. A lot of administrators assume they can 
make a backup by creating an offline snap¬ 
shot of the virtual hard drive (i.e., the .vhd 
file). Although true, there are two problems 
with doing backups this way. First, snapshot 
backups require you to shut down the virtual 
machine—and shutdowns aren't practical in 
most organizations. Second, if you are only 
making snapshot backups, your transaction 
log files are never committed because that 
process occurs as a part of a normal online 
backup. Given the backup issue and the 
low cost of network cards, using dedicated 
network cards for each virtual server is a no 
brainer, assuming your server has enough 
free expansion slots. 

Note that you can use the Microsoft 
Volume Shadow Copy Service (VSS) to per¬ 
form backups. Although VSS decreases the 
bandwidth consumed by backups, the server 


will still perform better in general if it has 
dedicated network cards. 

The host OS's configuration. When 
you're virtualizing Exchange, it's easy to 
concentrate on the virtual servers and forget 
about the host OS. Keep in mind that if the 
host OS is poorly configured, your virtual 
server's performance will suffer. Granted, 
when you're using Hyper-V, the guest OS 
communicates directly with the server hard¬ 
ware in most cases. Even so, the hardware 
is being shared between the guest OSs and 
the host OS. A poorly configured host OS 
consumes hardware resources that could be 
better used by the guest OSs. 

Probably the worst configuration mistake 
that I have ever seen was when someone 
stored all of the .vhd files on the same drive 
as the pagefile, which caused a tremendous 
performance hit. Other configuration-related 
issues are discussed in the sections below. 

The host OS's memory. You need to make 
sure that the host OS has enough memory to 
do its job efficiently. I recommend dedicating 
a bare minimum of 2GB of memory to the 
host OS. The machine should have enough 
physical memory on top of the first 2GB to 
meet the allocations that you've made to 
your virtual servers. For example, if a virtual¬ 
ized Exchange server requires 4GB of RAM, 
the host OS machine will need no less than 
6GB of RAM. You also need to factor in the 
memory requirements of any other virtual 
servers that are being hosted on the server. 

The host OS's applications. The host OS 
shouldn't be pulling double duty as a web 
server or file server. Microsoft's guidelines 
for running Exchange in a virtualized envi¬ 
ronment stipulate that the host OS should 
be used only for hosting virtual machines 
and shouldn't be running any additional 
server applications other than management 
software (e.g., antivirus software). 

As I just mentioned, Microsoft provides 
guidelines for virtualizing Exchange. You 
can read those guidelines in the article
"Microsoft Support Policies and Recommendations
for Exchange Servers in Hardware
Virtualization Environments"
(technet.microsoft.com/en-us/library/cc794548.aspx).
I discuss many of the guidelines here,
but space limitations prohibit me from cov¬ 
ering all of them. So, I recommend that you 
take the time to read that article. 

"Microsoft Support Policies and Recommendations for Exchange Servers in
Hardware Virtualization Environments" also outlines Microsoft's support
policies for virtualizing Exchange. The requirements involved in the
support policies vary considerably depending on whether a server is
running Exchange 2007 or Exchange 2003, so I'm going to talk about each
set of requirements separately. Before I talk about the version-specific
aspects of the virtualization process, though, let's look at the general
approaches to virtualization.

Learning Path

WINDOWS IT PRO RESOURCES

For more information about virtualizing Exchange, see

"Exchange Server Virtualization: Good Virtualization Candidates,"
InstantDoc ID 99010

"Exchange Server Virtualization: Hyper-V Possibilities,"
InstantDoc ID 98960

"Exchange Server Virtualization: Microsoft's Support,"
InstantDoc ID 98905

For more information about Hyper-V, see

"Hyper-V FAQs," InstantDoc ID 99440

"Hyper-V: The Good, the Bad, and the Ugly," InstantDoc ID 100595

"What You Need to Know About Microsoft Hyper-V Server 2008,"
InstantDoc ID 100520

MICROSOFT RESOURCES

"Hyper-V," technet.microsoft.com/en-us/library/cc753637.aspx

"Hyper-V Getting Started Guide,"
technet.microsoft.com/en-us/library/cc732470.aspx

The General Approaches to 
Virtualization 

There are three main approaches that you can use to virtualize Exchange.
The first approach involves setting up a virtual server, then performing
a clean Exchange installation. This new Exchange installation is a
member of the existing Exchange organization. With this approach, it's
easy to define the server's role within the Exchange organization and
migrate any necessary mailboxes or public folders to the virtual machine.
In addition, this approach minimizes the amount of time Exchange
resources are unavailable. You simply perform a migration, then
decommission your old Exchange server once the migration process is
complete.

The second approach is to use a physical-to-virtual (P2V) tool such as
Microsoft's System Center Virtual Machine Manager (SCVMM) or
Vizioncore's vConverter. Such a tool can perform P2V conversions without
having to do all of the work involved in the third approach. However,
P2V tools typically aren't free.

The third approach involves creating a virtual instance of the physical
Exchange server. This approach is more tedious than performing a simple
migration. Plus, users will experience a considerable amount of down
time and there's more room for error. However, this approach results in
a perfect, virtualized image of the physical Exchange server. In
addition, it leaves the original Exchange server and all the related
records in Active Directory (AD) unchanged. If something were to go
horribly wrong during the virtualization process, you can always turn
off the virtual server, power up the Exchange server, and be back online
within a matter of minutes. For these reasons, I prefer to use the third
approach, so I'll cover that approach here. However, in some
organizations using this approach might be impractical because of the
requirement for taking Exchange offline.

Here are the steps involved in implementing the third approach:

1. If the machine that you'll be virtualizing is running Windows 2003,
you need to install SP2 or later; otherwise, the virtual server won't be
able to connect to the network. If the machine is running Server 2008,
this step isn't necessary.

2. Run the CHKDSK /F command against each volume on your server.
Although this step is optional and might take a long time, finding and
fixing any disk errors up front will make your life easier.

3. Shut down the Microsoft Exchange Information Store service to prevent
any changes from being made to the databases or transaction logs.

4. Perform a full system-state backup of the Exchange server (including
the Exchange program files). It's important to note that Hyper-V doesn't
let you access USB devices from virtual machines. Therefore, when you
perform the backup of the Exchange server, write the backup to a
location that will be accessible to the virtual machine. I usually write
the backup to a network volume.

5. Shut down the server.

6. Verify that the new server has virtualization enabled at the BIOS
level (i.e., hardware level).

7. Create a new virtual server that will be used as a replacement for
the server you just took offline.

8. Create one virtual hard drive for each physical volume that you
backed up, then connect those virtual hard drives to the virtual machine.

9. Install Windows onto your virtual machine. You must run the same
version of Windows and the same service pack level as what your physical
server was using.

10. If the virtual server is running Windows 2003, you must install the
Integration Services. You can do so by choosing the Insert the
Integration Services Setup Disk option from Hyper-V's Action menu. If
the virtual server is running Server 2008, this step isn't necessary.

11. Enable networking on the virtual machine.

12. Assign an IP address to the virtual server if necessary, but do not
join the virtual server to a domain.

13. Assign the correct drive letters to any additional virtual hard
drives that you might be using.

14. Perform a full system-state restore of your backup to the virtual
machine. You must configure the restore process to overwrite any
existing files.

15. When the restore process completes, boot the virtual machine. You
usually have to perform a series of reboots as the virtual machine
discovers the new "hardware."

Note that Hyper-V contains an option to create a virtual hard drive
based on a physical drive. As tempting as it might be to use this option
in place of performing these 15 steps, you can't use it to create a
virtual instance of the server's system drive. When you try to boot off
of a virtual hard drive that was created in this manner, it will cause
the blue screen of death halfway through the boot process.

You can use the option to create a virtual 
hard drive based on a physical hard drive as 
a way of virtualizing any hard drive that isn't 
directly involved in the boot process. The 
only catch is that creating a virtual drive this 
way is really slow. It has been my experience 
that it's usually faster to use the backup and 
restore approach I just described. 

Exchange 2003 Requirements 

Here are some version-specific requirements for virtualizing Exchange
2003:

• The Exchange server must be running Exchange 2003 SP2 or later. SP2
is required because there are some services that must be run on the
virtual server in order for it to be able to access the network, and
these services require Windows 2003 SP2 or later.

• The Exchange server can't be part of a cluster.

• If the virtual server is running Hyper-V, you must install the
Integration Services.

• The only SCSI driver that is supported is the Microsoft Virtual
Machine PCI SCSI Controller Driver. (This is not a requirement in
Exchange 2007.)

Exchange 2007 Requirements 

By far the most important requirement 
when virtualizing Exchange 2007 is that 
you must plan the way the server roles are 
hosted. You shouldn't virtualize the Unified 
Messaging server role, but virtualizing all 
the other roles is fair game. Typically, the 
Hub Transport and Client Access server 
roles are ideal virtualization candidates 
because they usually consume a relatively 
low amount of server resources, except in 
very large deployments. In addition, they 
don't have any real storage requirements 
(e.g., no mailbox databases). 

The Edge Transport server role might also be a good virtualization
candidate because edge transport servers typically consume a fairly low
amount of disk and CPU time. However, I'm a bit apprehensive about
virtualizing an edge transport server because it's designed to reside at
the network perimeter. Supposedly, an edge transport server can run
securely in a virtual environment, but the only way that I would
consider virtualizing one would be if the host OS was not a domain
member and the other virtual servers residing on the physical server
were also intended to reside at the network perimeter.

Mailbox Server roles are the most resource 
intensive of the Exchange roles that can be 
virtualized. Although a mailbox server can 
be virtualized, virtualizing it might not make 
sense if it's carrying a heavy workload. 

Virtualizing Mailbox Servers in 
Exchange 2007 

For the most part, virtual machines can communicate directly with the
server hardware, with one notable exception: Calls to the disk subsystem
must still pass through the host OS. So, if you're planning on
virtualizing mailbox servers, you'll want to pair the mailbox servers
with other types of virtual servers that aren't as I/O intensive. You'll
also have to decide how you want to configure the virtual server's
virtual hard drives.

The more advanced configurations are 
beyond the scope of this article, so I'll discuss
only the basics. For a simple mailbox
server, Microsoft recommends using three 
separate sets of spindles: one for the OS, 
one for the mailbox database, and one for 
the transaction logs. (Optionally, you can 
include a spindle for the pagefile and a 
spindle for the Exchange binaries.) On a 
physical server, you can install three separate
hard drives for the three spindles. If you
have more than a dozen mailboxes on an 
Exchange server, you'll probably want to use 
disk arrays for the database and transaction 
logs rather than individual hard drives. 

I have seen a few virtual Exchange 
deployments in which the administrator 
maintained this separation of data by creating
multiple virtual hard drives and configuring
Exchange accordingly. The problem
with this type of deployment is that having 
separate virtual hard drives really doesn't 
do you much good unless the virtual hard 
drives exist on separate physical hard drives. 
Although having separate virtual hard drives 
will help you to recover if one of those virtual 
hard drives becomes corrupted, you aren't 
protected against a physical drive failure. 
If the physical drive fails, you'll lose all the 
virtual drives that are stored on it. 

Another problem with placing all your virtual hard drives on the same
physical drive is performance. All the Exchange-related read/write I/O
will be directed to a single physical device. This causes a serious
performance bottleneck for all but the smallest Exchange organizations.

You could create a RAID array and create
all your virtual hard drives on a RAID
volume. Assuming that the RAID array 
is fault tolerant, you would be protected 
against the failure of an individual hard 
drive. However, you would still have to deal 
with the possibility of a controller failure. In 
addition, an I/O bottleneck might still be 
an issue, depending on the array's performance.
Generally speaking, you would be
better off scattering your virtual hard drive 
files across several small disk arrays than 
placing everything onto one large array. 

The guidelines I just described for virtualizing
mailbox servers are good for
small-to-midsized businesses (SMBs). 
However, for larger organizations, they 
likely wouldn't work because I simplified 
the mailbox server configuration. So what 
is a large enterprise to do if they want to 
virtualize a mailbox server? My recommendation
would be to use a SAN and to store
all your Exchange volumes on dedicated 
LUN storage devices. 
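
The sizing and placement rules in this article (2GB for the host OS plus every guest allocation, no .vhd files on the pagefile drive, separate physical spindle sets for a mailbox server's OS, database, and logs, no Unified Messaging guests, and my conditions for an edge transport guest) can be checked against a planned layout before anything is built. The following is an added example, not part of the original article or any Microsoft tool; the class names, role labels, sample paths, and drive labels are assumptions, and the sample hosts are constructed.

```python
"""Lint a planned Hyper-V host layout against the rules stated in this article."""
from dataclasses import dataclass, field

HOST_RESERVED_GB = 2  # the article's bare minimum for the host OS


@dataclass
class Vhd:
    path: str          # .vhd file on the host (constructed sample paths)
    purpose: str       # "os", "database" or "logs"
    physical_set: str  # assumed label for the physical drive or array holding the file


@dataclass
class Guest:
    name: str
    ram_gb: int
    roles: list
    perimeter: bool = False  # True if the guest is meant to sit at the network perimeter
    vhds: list = field(default_factory=list)


@dataclass
class Host:
    physical_ram_gb: int
    domain_member: bool
    pagefile_set: str        # physical drive or array that holds the host pagefile
    extra_server_apps: list  # anything beyond VM hosting and management software
    guests: list


def check_host(host):
    """Return (rule, message) findings; an empty list means no rule was broken."""
    findings = []

    # Host memory: 2GB for the host OS on top of every guest allocation.
    needed = HOST_RESERVED_GB + sum(g.ram_gb for g in host.guests)
    if host.physical_ram_gb < needed:
        findings.append(("memory", f"host has {host.physical_ram_gb}GB, layout needs {needed}GB"))

    # The host OS should not pull double duty as a web or file server.
    for app in host.extra_server_apps:
        findings.append(("host-apps", f"host OS also runs {app}"))

    for guest in host.guests:
        if "UnifiedMessaging" in guest.roles:
            findings.append(("um-role", f"{guest.name}: Unified Messaging should not be virtualized"))

        # Edge transport: host outside the domain, every guest on it a perimeter guest.
        if "EdgeTransport" in guest.roles:
            if host.domain_member:
                findings.append(("edge-host-domain", f"{guest.name}: host OS is a domain member"))
            inside = [g.name for g in host.guests if not g.perimeter]
            if inside:
                findings.append(("edge-neighbors", f"{guest.name}: shares the host with {inside}"))

        by_set = {}
        for vhd in guest.vhds:
            if vhd.physical_set == host.pagefile_set:
                findings.append(("pagefile", f"{vhd.path} shares {vhd.physical_set} with the pagefile"))
            by_set.setdefault(vhd.physical_set, []).append(vhd.purpose)

        # Separate virtual drives only help when they sit on separate physical drives.
        if "Mailbox" in guest.roles:
            for phys, purposes in by_set.items():
                if len(purposes) > 1:
                    findings.append(("spindles", f"{guest.name}: {purposes} all sit on {phys}"))
    return findings


def constructed_bad_host():
    """Constructed sample: 6GB host, domain joined, also a web server."""
    mbx = Guest("EXMBX1", 4, ["Mailbox"], vhds=[
        Vhd(r"D:\vm\exmbx1-os.vhd", "os", "disk0"),
        Vhd(r"E:\vm\exmbx1-db.vhd", "database", "array1"),
        Vhd(r"F:\vm\exmbx1-log.vhd", "logs", "array1"),
    ])
    edge = Guest("EDGE1", 2, ["EdgeTransport"], perimeter=True,
                 vhds=[Vhd(r"G:\vm\edge1-os.vhd", "os", "disk1")])
    return Host(6, True, "disk0", ["web server"], [mbx, edge])


def constructed_good_host():
    """Constructed sample: the article's 4GB Exchange guest on a 6GB host."""
    mbx = Guest("EXMBX1", 4, ["Mailbox"], vhds=[
        Vhd(r"D:\vm\exmbx1-os.vhd", "os", "disk1"),
        Vhd(r"E:\vm\exmbx1-db.vhd", "database", "array1"),
        Vhd(r"F:\vm\exmbx1-log.vhd", "logs", "array2"),
    ])
    return Host(6, True, "disk0", [], [mbx])


if __name__ == "__main__":
    for rule, message in check_host(constructed_bad_host()):
        print(f"[{rule}] {message}")
```
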

A Good Start 

If you're interested in virtualizing your Exchange organization, you
should check out Hyper-V. Hyper-V performs much better than Microsoft's
previous virtualization products. I've given you an overview of what you
should consider, the processes you can follow, and the requirements you
need to meet to virtualize Exchange 2007 and Exchange 2003 with Hyper-V.
However, because this is an overview and not meant to be all-inclusive,
you'll need to do more research. (The Learning Path, page 38, provides
some references you can check out.) You should put the same level of
research, planning, and testing into your virtual servers that you would
give a physical server.
KFLOWS

Transform business processes without writing code by Ryan Thomas 


There's a lot of buzz about Microsoft .NET 3.0 Workflow Foundation and
how many savvy SharePoint users have made it a part of their arsenal in
the fight against enterprise disorganization and the absence of
enforceable business processes. I want to shed a little light on what
SharePoint workflows are, what they do, and why you might want to use
them. I'll also show you how to implement the workflows that come with
your paid Microsoft Office SharePoint Server (MOSS) license. You can
also create workflows with just Windows SharePoint Services, but they
must be built from scratch using development tools to script or compile
the components. This high-level introduction is designed to make it easy
for you to implement some basic workflows in your organization.

What Is a Workflow? 

A workflow is a series of actions that depict a defined process. In 
SharePoint terms, workflows are sets of actions and functionality 
logically grouped to complete a defined business process in an 
orderly and traceable fashion. 

The best way to understand this definition is through an example.
Almost every organization needs to be able to accept or reject a new
document or changes to an existing document. With SharePoint, you can
define a simple workflow that watches a SharePoint document library for
changes. The workflow waits for any document to be checked in, then
creates a task for another user to view and accept or reject the
document. By using a simple web-based interface, the user can select,
approve, or reject to complete the workflow.

The above workflow scenario is simple, yet highly effective 
for what many managers need to accomplish on a daily basis. It 
ensures that documents are stored in a place that any team member
can access according to security permissions. It also allows the
manager to be automatically informed when changes are made to 
documents he or she is responsible for maintaining. The manager 
now has an audit trail for who made the change, when the item was 
changed and checked in, and, through use of versioning, exactly 
what changes were made. The manager also can view the data via 
the web and see task history and status in a single location. 

Compare this simple scenario to how companies manage similar
requirements without a SharePoint workflow. A department manager might
send an email message informing users that she must approve changes to
certain types of documents before they can be sent to customers. These
documents are stored in shared folders on the corporate network and on
local hard drives. When users change a document in either location, they
email the document to their manager for approval. But which version of
the document did they initially change—the local or shared version?
Which version is the most current? What happens if someone makes another
change while the manager is reviewing the current set of changes? Where
does the manager post these changes, and who does she send the email
response to so that everyone is informed? How does she handle rejections
or changes so they are tracked and properly noted? Can she see who is
currently working on documents in her department?

Figure 1: Sample workflow history

All these questions can be time-consuming
and costly to answer and to provide
processes for. With SharePoint's built-in
capabilities and the workflows available out 
of the box with MOSS, organizations can 
quickly address most of these questions 
and concerns. 

Available Workflows 

The MOSS workflows described below represent
the extent of what is prebuilt and
available out of the box. I discuss each 
workflow in detail to explain how it can start 
helping your organization immediately. 
Implementing these workflows doesn't have 
to be complicated or difficult. Many aspects 
of SharePoint document libraries, along 
with the following workflows, can solve 
almost all the issues and questions about 
manual processes that I asked earlier. 

Collect Feedback. The Collect Feedback workflow is one of the first
workflows many users will implement because of its ease of creation and
the power and usefulness of its functionality. This workflow enables
SharePoint end users to quickly create a series of tasks that are
attached to a document and that will automatically email other users
with a request to open the document and respond to the task with
feedback.

With a few mouse clicks, users can create 
a custom workflow for a specific document 
or build and save reusable workflows for 
common documents or business processes. 
By consolidating this effort in the Collect 
Feedback workflow, users can keep track 
of each feedback task, who the task was 
assigned to, and the task's due date, current 
status, and outcome. Users can also review 
the workflow report history to see the series 
of events consisting of the initial creation 
of the workflow and of each task, who initiated
the workflow, a description of each
event, and the task's outcome. This process 
provides an easy-to-follow event timeline 
around the workflow. Figure 1 shows a 
simple workflow history page. 

In the workflow history and the workflow 
task list, the feedback and comments are 
displayed on the main report page, which 
contains a significant amount of information
about the status and history of a specific
workflow instance on a document. This data 
is captured, backed up, and maintained in 
a logical location relative to the document 
and document library. 

Collect Signatures. Microsoft supports certified digital identification
that you can use to insert your signature and provide digital validation
of signatures. The Collect Signatures workflow lets information workers
use some of the integrated features of Microsoft Office 2007. Users can
create a Signature Line component in Office Excel 2007 or Office Word
2007 documents that can be digitally signed by required recipients.

The intention here is to allow document validation to move through a
business process without requiring a succession of users to print and
physically sign a document. Anyone who has gone through such a process
knows how tedious it can be. You receive a document that you must print
to sign. That copy isn't represented digitally and can't be stored in
that manner from this point forward because of the physical signature
requirements. The document is now faxed or sent via traditional mail
services to each party for individual signatures. Often the completion
of such workflows takes weeks. In addition, the documents have been
signed, initialed, and faxed so many times that the final document is
almost unreadable.

The Collect Signatures workflow replaces this process by using
SharePoint's document management capabilities, allowing documents to
move through a process of signature task assignments. The workflow is
simple: After creating a document that requires signatures, the
initiator creates a digital signature line for each signer inside the
document using built-in components of Word 2007 or Excel 2007 files.
Once the document is added to a document library containing the Collect
Signatures workflow, the user begins the workflow inside the actual
document by initiating the workflow process using Office 2007's native
connectivity with SharePoint environments. The workflow assigns tasks to
the users who have been added to the workflow and who have signature
lines in the document. Users are assigned signature tasks, which require
them to open and digitally sign the document, thus completing the task.
The workflow then assigns the signature task to the next signatory in
the workflow. Upon completion of the tasks, the initiator has a list of
digital signatures and a version history for the changes.

Disposition Approval. The Disposition 
Approval workflow shows some of the other 
abilities and areas where automation and 
notification can help manage common business
processes. This workflow is designed
for retention management tasks and works a 
little differently than the workflows discussed 
earlier. It automatically initiates review tasks 
for documents that have reached the end of 
a retention life cycle. 

In most organizations, any given document has a logical or contextual
life cycle. Retaining documents that are no longer needed for historical
or compliance purposes consumes expensive resources, yet searching
existing documents in an effort to find those that should be retained
rather than destroyed can be even more costly. There have been many
cases in which corporations and individuals have found themselves in
legal trouble when old documents were located and used as evidence in
court. In many of those cases, the documents had reached the end of
their life cycle and were no longer required by law to be retained. In
essence, they were just liabilities, both legally and financially.

The Disposition Approval workflow offers two commonly used options for
managing document retention. The simple method is to allow users to
manually initiate the workflow process on documents they see in the
SharePoint document libraries that they believe are qualified to be
reviewed. The workflow then creates an unassigned task in a task list
that users monitor. This task queue represents documents that need to be
reviewed and acted upon, culminating in the document being saved for an
additional period of time or deleted. Although this process is easy to
set up, it holds significant risk: Because the process is manual, it's
unlikely that all documents that should be deleted or reviewed will be
found.

A better way to ensure that documents are discovered at the end of their
life cycle is to use a combination of content types and information
management policies. SharePoint lets users create information management
policies that set the timeframe for a document to remain in the
repository. These policies can be applied to specific content types,
thus allowing organizations to apply different retention policies to
specific types of documents. When the time period for retention on a
specific document is reached, the policy automatically initiates the
Disposition Approval workflow and the tasks are added to the queue to be
handled by those people delegated to review expired documents.

You can see that the combination of technologies in this workflow
presents many opportunities for business process automation. SharePoint
can determine the type of document and specific information management
policies associated with that document type, then can initiate
appropriate workflows on those documents when policy limits are reached
or exceeded. The ability for these operations to work together allows
organizations to create very specific usability requirements on all
their documents and ensure that tasks are assigned in accordance with
business process requirements.

Three-state. The Three-state workflow differs from those discussed
earlier in that it allows organizations to create intermediate steps in
their workflow tasks. When a user receives a task created from a
workflow, the standard steps in that task have a status of either open
or closed. When the task is created and assigned, the status is open;
upon task completion, the status is closed. This methodology works with
many tasks and business processes, but most businesses also have
processes that contain more than simple two-step tasks. The Three-state
workflow offers a little more flexibility for such situations. One
common use for this workflow is based on the Issue Tracking list
template, which is part of a standard SharePoint installation. The
workflow essentially allows a process to create more than a single task
per person depending on the status of the item for which the workflow
was created.

Let's walk through how this workflow 
works on an Issue Tracking list. When you 
add a Three-state workflow to the list, by 
default the workflow looks at the Issue Status 
column for the available states. (A Three-state
workflow requires a Choice column
that includes at least three choices.) The 
workflow will choose Active as the initial 
state, Resolved as the middle state, and 
Closed as the final state. When you create 
a new item in the Issue Tracking list and 
the workflow is set to automatically initiate 
with a new item, the workflow creates a task 
and assigns it to the user who is set as the 
Assigned To user in the Issue Tracking list. 


Figure 2: Showing a task assigned to a user

Figure 3: Showing a link from the task back to the issue

Figure 4: Setting the task status to Resolved

Figure 5: Showing a new task assigned to the Administrator

Figure 6: Reassigning the task to cthomas

Figure 7: Viewing the completed tasks and their metadata


The task contains a link to the list item where 
the assigned user can complete the task. 
Figure 2, page 45, shows an example of a 
Three-state workflow in action. It shows that 
user cthomas has been assigned Issue ID 1. 
You can also see in Figure 3, page 45, that an 
associated task has been added to the task 
list and assigned to cthomas and that there 
is a link from the task back to the issue. 

When user cthomas sees this task and 
navigates to the associated issue, he fixes 
the issue and sets the status to Resolved, as 
Figure 4 shows. With cthomas's task completed,
a new task is created and assigned
to the Administrator (user rthomas, the 
original creator of the issue) requesting 
that she view the fix and ultimately close 
the issue. Figure 5 shows what the task list 
looks like at this point in the process. 


For the sake of this example, let's 
assume that there was a problem and that 
the Administrator had to reset the issue 
status to Active. Figure 6 illustrates that 
the Administrator task of reviewing the fix 
was completed and that an additional task 
has been assigned to cthomas to continue 
working on the issue. 

Now, let's assume that cthomas fixes 
and resolves the issue correctly and the 
Administrator reviews and accepts the fix, 
thus closing the issue. Figure 7 shows the 
succession of tasks and their metadata. 
This workflow can help keep a standard 
business process focused and renewable. 

Simple Yet Effective 

Microsoft chose to build and include some workflow options in the box
with MOSS. Many users believe these workflows are just samples to get
you started and too simple or generic to be of value. It's true that
generic workflows that can appeal to most users require keeping the
functionality at a high level and consistent with problems most users
face. However, if you look a little deeper at what each of the built-in
workflows can do, you'll see that they represent a nice sampling of
functional behavior. And you can use external tools to build much more
powerful and complex workflows that are specific to your organization
and business processes.

Many business process problems can be solved with the SharePoint
workflows available out of the box. With some preparation and the
ability to see how the technical process can be applied to current
manual business problems, most organizations can find ways to increase
efficiency, reduce errors, and begin a series of processes that require
fewer printed documents and less manual intervention. Other workflows
can require more effort to understand and apply to a business process.
In either case, the resources required to create and use the workflows
are almost guaranteed to save money and create a more manageable and
compliant organization.

InstantDoc ID 101350 


Ryan Thomas
(rthomas@syrinx.com) is director of the SharePoint Practice at Syrinx
Consulting. He's a Microsoft Certified Professional Developer and
Microsoft Certified Application Developer, and contributes regularly to
the Syrinx SharePoint blog and other industry publications.

Manage Different Types of Virtual Machines

Quest Software has released Quest vWorkspace 6.0, the latest version of
a virtualization product formerly known as Provision Networks Virtual
Access Suite. (Quest acquired Provision Networks.) According to Quest,
vWorkspace can help administrators deploy and manage virtual machines
(VMs) created by Microsoft (Hyper-V), Virtual Iron, Parallels (Virtuozzo
Containers), and VMware (ESX Server). At a more granular level,
vWorkspace offers desktop lifecycle management, desktop integrity
management, and allows for the delegation of administration management.
vWorkspace Enterprise Edition costs from $99 per license, while Desktop
Edition costs from $50 per license. To learn more, visit
www.provisionnetworks.com.

Improve Your Desktop Backup and 
Security 

Symantec released a beta version of Norton 360 3.0, a product that
provides enhanced antivirus, antispyware, and anti-phishing protection,
as well as email scanning, rootkit detection, identity protection,
website authentication, firewall protection, and network monitoring. A
colored indicator informs users whether a website is safe (green),
questionable (yellow), or risky (red). The software lets users
automatically back up data to local storage media or use Symantec's
online storage. Software license options include 2GB or 25GB of cloud
storage. For more information, contact Symantec at 800-745-6054 or go to
www.symantec.com/norton/index.jsp.

Microsoft Opens Beta for Desktop Virtualization

To prevent application incompatibility among OSs, consider Microsoft
Enterprise Desktop Virtualization (MED-V), a product currently available
in public beta form. Simply put, MED-V—combined with Virtual PC—allows
you to open applications in a virtualized OS without actually seeing the
other OS. You only see the application. While Virtual PC is free, it
requires a licensed copy of whatever OS you're virtualizing. To download
the MED-V beta, you'll need to register at connect.microsoft.com.


PRODUCT 


Economical Alternative to 
Exchange 

Gordano released its first mail server
back in 1995. Its latest mail server, Gordano
Messaging Suite (GMS), offers
a comparable alternative to Microsoft
Exchange Server at a much lower price.

"Since our original product release,
which was a basic mail server, we've
continually enhanced and developed
it over the years," said John Stanners,
managing director at Gordano. "So we
introduced a web mail interface, and
antivirus and antispam into the mix,
and more recently what we call a collaboration
server that basically provides
the equivalent services to Exchange.
So you can use Outlook on the desktop
against our server in the background in
really an identical way to that which you
would use Exchange."

Cost is Key 

At $4,619 for 1,000 accounts, GMS could
be a very economical choice. According
to Stanners, "It's got very low management
overhead. The administrative
requirements are nothing like Exchange.
We also run on much lower hardware
specs." New 64-bit hardware to run
Exchange Server 2007 could in itself
be a stopping point for many organizations,
and savings in time and headaches
to manage your messaging system are also
certainly worth factoring into your budget.

Look and Feel 

GMS web mail is designed to look
much like Outlook. I guess the theory
here—as with many Exchange Server
alternatives—is that end users will
more readily adapt if they can still use
their familiar Outlook client and a similar
web-based interface. In other words,
they don't have to adapt much at all; IT
admins are the ones who deal with all
the changes.

Gizmos Let You Customize 
Web Mail 

Gizmos are a way to add functionality to
GMS web mail—basically, customizing the
interface through the use of these mashups.
The latest GMS release adds Gizmos
for embedding RSS feeds into the web
mail interface and for using the Twitter
APIs. Gordano has also introduced Admin
Gizmos that let administrators enhance or
limit functionality for all users. You can also
now embed Gizmos in windows.

GMS is available for Windows, Linux,
AIX, and Solaris, with identical performance
and management on any platform. For
additional pricing information, visit
www.gordano.com.


Jeff James | jjames@windowsitpro.com 

Editor's Note: Send new product announcements to products@windowsitpro.com.

Computerless Email for the
Technology Challenged

To improve communication with technology-challenged
individuals, Celery has developed
a system of 2-way computerless email. The
other person only needs a fax machine.

When you send an email, they receive it as
a fax. You can even include common image
formats and PDF attachments. Your correspondent
can handwrite messages to you,
which are scanned into PDFs and emailed
to you. Setup requires one person to input
email addresses through Celery's website. The
Celery user then only has to write a recipient's
name in block letters at the top of a message;
character recognition matches the name to
an email address and gets the message on its
way. To learn more, visit www.mycelery.com.

Asset Management Solution Gets 
Vendors Off Your Back 

BigFix's Decision Support System Software
Asset Management (DSS SAM)
offers a real-time look at software assets
across platforms. It provides an analytics
and reporting tool that leverages the
data aggregated by the BigFix server, with
role-based access so IT can give accounts
to purchasing and procurement departments
as well. The DSS SAM agent runs as
a service, with a small footprint, low load,
and no scanning. A heartbeat reports down
to the BigFix server in response to policies
customized to the company's needs. DSS
SAM starts at $10 per endpoint. For further
information, call 510-652-6700 or visit
www.bigfix.com.


Arkeia Offers Virtual Backup "Appliance"
that Runs on VMware

Arkeia Software announced what it says
is the first virtual backup appliance—the
Arkeia Virtual Appliance, running the
Arkeia Network Backup v8.0 backup
application. The appliance component
of the product is actually a system image
for a VMware virtual machine (VM) and
includes licenses for a disk-based virtual
tape library and Arkeia Backup Agents.

The Arkeia Virtual Appliance runs on
VMware ESX and ESXi platforms. It is currently
in beta and is expected to become
generally available in March. Pricing for
the virtual appliance deployment with
three bundled backup agents begins at
$2,000. To learn more, call 760-431-1319
or visit www.arkeia.com.


We're in IT with You 


www.windowsitpro.com 


50 APRIL 2009 Windows IT Pro 


Is Windows 7 Right
for You?

Join veteran Windows watcher and Windows IT
Pro magazine columnist Mark Minasi in a clear,
comprehensive, independent and often
entertaining look at what Windows 7 can (and
can’t) do for you. Mark explains what’s new in
Windows 7 from soup to nuts to save you time and
help you make an informed “upgrade or not?”
decision.

WHEN

May 28, 2009

WHERE

Your computer

COST

$99

LESSONS

11:00 am EDT - Planning and Deploying
Windows 7/Server 2008 R2
12:30 pm EDT - Operating, Managing and
Securing Windows 7/Server 2008 R2
2:00 pm EDT - Directory Services
Changes and Performance Enhancements

HOW

Register at www.WindowsITPro.com/go/elearning/Windows7

INSTRUCTOR

Mark Minasi is a senior contributing
editor for Windows IT Pro, an MCSE,
and a best-selling author, popular
technology columnist, commentator,
keynote speaker, and IT consultant.
Mark is probably best known for
his Mastering Windows Server and Complete PC
Upgrade and Maintenance Guide books, both of
which have seen more than 12 editions and sold
over a million copies.

Learn more about the speaker, sessions,
and how to reserve your seat at:
www.WindowsITPro.com/go/elearning/Windows7

REVIEWS


SysCompare Pro 1.2

Read the full-length review at www.windowsitpro.com,
InstantDoc ID 101363.


SysCompare Pro, published by MTM
Software, lets you compare many systems
across your organization through an
easy-to-navigate GUI. SysCompare Pro is also
available in a Lite version that has fewer features
and limits the number of computers you can
target at a time to two. MTM Software provides
a download link for a trial version of the
software on the company's website. I tested
SysCompare Pro 1.2 on a Windows XP Professional
machine and ran scans against both
Windows Vista and XP targets.

Installation is easy, consisting of a single
MSI file and requiring only Microsoft's .NET
Framework 2.0. Once the product is installed,
selecting machines to collect data from is easy.
A Browse button lets you search and select a
computer from Active Directory (AD), but you
can't select multiple computers at once.

When your computer scans are complete,
the Computed Differences node expands
automatically. From here you can drill down
into various subsections. System differences
are highlighted in red text and with a red
exclamation mark that blinks for a few seconds.
You can export the subsections to Excel,
although you can't export them all at once—
and the export file is formatted as XML rather
than a standard Excel workbook (XLS).

SysCompare Pro is a decent product.
The Lite version is a better buy than the Pro
version—but only if you can live with comparing
just two machines at a time.

InstantDoc ID 101363 


SysCompare Pro 1.2 

PROS: Fast installation; easy to use; no forms to 
fill out to access the trial software 

CONS: Useless color schemes; can't export entire 
differences report to Excel; can't select multiple 
computers to scan 

RATING: ♦♦❖00 
PRICE: $1,499 Pro; $99 Lite 

RECOMMENDATION: The Lite version is worth 
a look if you need a fast, easy, inexpensive, and 
lightweight way to compare a pair of systems at a 
time. But the Pro version's missing features make 
its price hard to swallow. 

CONTACT: MTM Software • 503-427-1680 • 
www.mtmsoftware.com 


Paul’s Picks

www.winsupersite.com

SUMMARIES of in-depth product reviews
on Paul Thurrott's SuperSite for Windows

Windows 7 Public Beta

PROS: It's the highest-quality Windows beta
ever released. Really.

CONS: Microsoft isn't interested in feedback.

RATING: ♦♦♦♦O

RECOMMENDATION: Microsoft can be
proud that the Windows 7 Beta—which it
describes as "API complete"—is nearly as
usable as a final release. On the flip side,
Microsoft isn't going to change Windows 7
just because testers dislike certain things—
it's interested more in bug testing. But if
you're interested in testing compatibility and
performance, here's your chance. You'll be
pleasantly surprised.

CONTACT: Microsoft • 800-426-9400 •
www.microsoft.com

DISCUSSION: www.winsupersite.com/win7/win7_beta.asp

Windows 7 Product Editions

PROS: Simpler than Windows Vista product
lineup.

CONS: Still too many product editions

RATING: ♦♦♦00

RECOMMENDATION: Windows 7 will
come in an array of product editions but
unlike with Vista, each edition will be a
superset of the one below. Most people will
choose between the Home Premium and
Professional editions. Other editions are
Starter, Home Basic, Enterprise, Ultimate
(which is essentially Enterprise minus the SA
requirements), and a European N edition.

CONTACT: Microsoft • 800-426-9400 •
www.microsoft.com

DISCUSSION: www.winsupersite.com/win7/win7_skus.asp

InstantDoc ID 101484


Dell PowerVault DL2000 Powered by
Symantec Backup Exec

Read the full-length review at www.windowsitpro.com,
InstantDoc ID 101476.

The Dell PowerVault DL2000 Powered
by Symantec Backup Exec bundles a Dell
server and external disk array with Symantec's
Backup Exec software into a solution
that's intended to streamline implementation
of a backup system for companies that have
as many as 60 servers.

I ran into a few snags during setup, but
Backup Exec worked flawlessly. In addition to
fast Information Store-level backups, it provides
impressive object-level restore.

This product would be a good solution
for anyone, but you don't gain much over
purchasing the components separately, and
doing so can save you about $1,200. The
DL2000 isn't a turn-key solution, and shops
with inexperienced admins will need to
invest in a consultant to assist with configuration.
And that means looking harder at the
price of the DL2000 compared with other
solutions.

InstantDoc ID 101476


Dell PowerVault DL2000
Powered by Symantec Backup Exec

PROS: Reliable hardware; proven backup software;
outstanding North America-based support

CONS: Little advantage over purchasing and configuring
the components yourself; setup wizard
encourages unnecessary configuration changes

RATING: ♦♦♦00

PRICE: Starts at $14,000; $18,789 as tested,
including 4TB raw (3TB usable) storage

RECOMMENDATION: The DL2000 is a very
good bundle, but it isn't a turn-key solution. I
recommend it as a good solution for anyone,
but shops with inexperienced admins will need
to make an additional investment in consulting
time to configure it properly.

CONTACT: Dell • 800-999-3355 • www.tinyurl.com/dfjy7t

MARKET WATCH


Virtualization on the Cheap

14 free virtualization tools and platforms

by Jeff James

Your IT budget is feeling the squeeze these days, and virtualization can be
one of the best tools in your toolbox for keeping infrastructure expenses
under control. With an eye toward maximizing your virtualization infrastructure
and minimizing the impact on your bottom line, I've gathered
more than a dozen useful virtualization tools and platforms to help you
get the most out of your IT budget. And here's the best part: They're all
free—as in no cost, no charge, and no fee required.

With Microsoft and VMware both offering their basic hypervisors for free, it was
only a matter of time before more virtualization vendors followed suit by introducing
no-charge apps and utilities. Now, a host of vendors are providing free versions of
existing products, ranging from virtualization-management tools to performance and
optimization solutions. Some of these apps are obviously geared toward convincing
you to upgrade to a full-priced retail product, but some offer surprising amounts of
functionality. (For more information about free virtualization tools and utilities, check
out "Free Virtualization Utilities," www.windowsitpro.com, InstantDoc ID 98015.)


Free Virtualization Tools 

If you're already using a virtualization platform
solution such as VMware ESX Server, Virtual
Infrastructure 3 (VI3), Microsoft Hyper-V or
Citrix XenServer, many of these free tools can
help you get the most out of your existing
investment. Some work only with products
from a particular vendor, but they all have one
thing in common: They're free!

Veeam Monitor 3.0 Free Edition.
When VMware slashed the price of ESXi to
zero last year, it opened up its latest
hypervisor-based virtualization technology to a
wider audience. Recognizing the need for
a no-cost, real-time monitoring solution for
ESX and ESXi environments, Veeam Software
introduced the Veeam Monitor Free
Edition. According to Veeam, this app leverages
the VMware API to keep tabs on ESX
and ESXi environments, monitors resource
allocation at the VM level, provides support
for access by multiple administrators, allows
for the creation of email alerts and alarms,
and can correlate performance and event
information. Veeam also touts the fact that
the free edition of Veeam Monitor can connect
directly to the VMware VM console.
Find out more about the Veeam Monitor
Free Edition at www.veeam.com.

Embotics V-Scout. Helping IT pros
get the most out of VMware VirtualCenter
is the focus of Embotics V-Scout 1.1, a free
tool that aggregates and organizes information
from up to two VMware VirtualCenter
installations. V-Scout provides a single pane
of glass for administrators to track and
report on the performance of their VMs,
discovers both online and offline VMs,
generates VM population trend reports, and
allows for the creation of standard and custom
attributes when deploying VMs from
clones or templates. If you're using VMware
VirtualCenter, V-Scout should be at the top
of your download list. Find out more about
Embotics V-Scout at www.embotics.com.

Catbird Compliance Enforcer.
"Security" and "compliance" are two words
that can aggravate even the most seasoned
IT pro. Throw a virtual data center in the mix,
along with the need to keep all that virtual
data secure and compliant with an avalanche
of corporate and federal rules and regulations,
and you have a perfect storm resulting in serious
IT pro indigestion.

That's where Compliance Enforcer enters
the picture. Offered as a free service, Compliance
Enforcer can analyze your existing virtual
infrastructure and highlight rogue VMs,
quarantine suspect ones, and generate a host
of compliance and security reports. Compliance
Enforcer can be configured to monitor
and enforce controls to keep your infrastructure
in compliance with federal regulations
(e.g., Sarbanes-Oxley, HIPAA, GLBA), and
can help keep your data secure by suggesting
best practices for hardening your virtual
infrastructure. Find out more about Catbird
Compliance Enforcer at www.catbird.com.

Tripwire ConfigCheck and
OpsCheck. As the most popular virtualization
solutions for larger enterprises,
VMware's ESX Server and Virtual Infrastructure
3 (VI3) products have created a thriving
ecosystem for free apps and utilities. In June
2008, Tripwire launched ConfigCheck, a
free utility that can evaluate an ESX Server
installation and ensure that it's configured
properly and in accordance with VMware's
best practices, particularly with regard to
VM security guidelines. Tripwire followed
up that success with the recent unveiling of
another free application, OpsCheck, which
troubleshoots configuration problems that
might hobble VMware VMotion.

"Virtualization professionals are faced
with unknown territory, requiring new tools
to manage the complexities and risks of
virtual environments," said Dan Schoenbaum,
chief operating officer of products of
Tripwire. "That's why Tripwire is committed
to developing utilities specifically for virtualization."
Find out more about ConfigCheck
and OpsCheck at www.vwire.com.

PlateSpin Recon Inventory Edition.
Before you dive into your next virtualization
project, one of your first steps should
be to do a fair amount of planning and analysis
to ensure that the strategy you're considering
works well with the needs of your
organization. PlateSpin's Recon Inventory
Edition analyzes your data center, then gathers
up information about traffic, workload,
asset inventory, and application services to
give you a clear picture of what's actually
happening in your data center. This free version
supports up to 100 servers and supports
hardware and software inventory for virtual
servers running Linux, Sun Solaris, and Windows.
Find out more about PlateSpin Recon
Inventory Edition at www.platespin.com.

Vizioncore vOptimizer Freeware.
Virtualization brings many cost- and energy-saving
benefits to the table, but the ease with
which you can create, copy, and move VMs
can quickly translate into mushrooming
storage needs. Resource-hungry VMs gobbling
up your available network storage
can quickly reverse some of the gains that
virtualization gives you in the first place.
Vizioncore attempts to alleviate some of
those pain points with Vizioncore vOptimizer
Freeware, a product that focuses on
squeezing VMs—of both the Microsoft and
VMware varieties—into more manageable
sizes. Find out more about Vizioncore vOptimizer
Freeware at www.vizioncore.com.

Microsoft Assessment and Planning
Toolkit. Making the switch from
physical to virtual servers is a task that often
requires more careful planning and deliberation
than many IT pros anticipate. That's why
tools such as the free Microsoft Assessment
and Planning Toolkit come in so handy: They
can help take most of the guesswork (and
some of the labor) out of your next
physical-to-virtual migration. This agentless toolkit
searches out computers in your network,
then generates a detailed inventory using
WMI, SNMP, or the Remote Registry Service.
Not only can this toolkit help you determine
which servers to virtualize, it can also help
you streamline the planning and migration
to other Microsoft apps and services. Find
out more about Microsoft Assessment and
Planning Toolkit at technet.microsoft.com.

EasyVMX. An easy way to create a
VM is to use EasyVMX, a web-based
VM-creation tool. To use EasyVMX, you simply
visit the EasyVMX website, provide
a few details about the VM you want to
create—such as which OS you want to use,
a description, network configuration, and
NIC and drive details—then click Create
Virtual Machine. EasyVMX creates the VM
per your specifications, then provides a
download link. An enhanced feature set is
in the offing for EasyVMX 2.0, which will
include improved Windows Vista support,
better auto-detection of sound and graphics
hardware, and Wake-on-LAN (WOL) support
for virtual network cards. Find out more
about EasyVMX at www.easyvmx.com.

Free Virtualization Platforms 

You don't have to spend any money to start
taking advantage of virtualization, especially
if you're a smaller IT shop with only a few
dozen clients. All the following solutions
can help you take advantage of the benefits
of virtualization, and most are just a short
download away.

Virtual Iron Single Server Edition.
Citrix, Microsoft, and VMware have
been garnering most of the headlines these
days, but Virtual Iron has been providing
low-cost, high-value virtualization products
for years: We liked Virtual Iron enough to
give it an Editors' Best Award in our Virtualization
category in 2007. Now, Virtual Iron
brings virtualization to the masses with its
free Single Server Edition, which allows up
to four virtual servers to run off one virtual
CPU. No VLAN support is offered, but local
disk storage and customer support—provided
via Virtual Iron's online discussion
forums—are provided free of charge. Find
out more about Virtual Iron Single Server
Edition at www.virtualiron.com.

Microsoft Virtual PC 2007.
Although it might not be the breakthrough
product it once was, Microsoft Virtual PC
2007 still provides some basic virtualization
functionality for a hard-to-ignore price. With
Virtual PC, you can create VMs and use
them to run multiple OSs on the same PC.
It's feature-limited compared with pricier
options, but you can't beat free: Virtual PC
2007 is available as a free download from
the Microsoft website. A quick aside: You
can't use VMs created by Virtual PC 2007
with VMware Player out of the box, but you
can use VMware Converter to convert those
VMs into a format usable by Virtual PC. Find
out more about Microsoft Virtual PC 2007 at
www.microsoft.com.

Microsoft Hyper-V Server 2008.
After toying with the idea of selling the standalone
version of its Hyper-V technology at a
quixotic $28, Microsoft followed VMware's
lead and made Microsoft Hyper-V Server
2008 available as a free download. Microsoft
might still have some catching up to do with
VMware when it comes to encouraging larger
enterprise customers to move to Hyper-V,
but Redmond is making headway with the
SMB market. And Hyper-V is no slouch in
the performance department: Windows IT
Pro Technical Director Michael Otey recently
tested Hyper-V against ESX Server ("Virtualization
Rematch," InstantDoc ID 100573),
and Hyper-V turned in some impressive
numbers for a release 1.0 product. Find out
more about Microsoft Hyper-V Server 2008
at www.microsoft.com.


VMware ESXi. VMware ESXi is arguably
the most advanced hypervisor currently
on the market, which makes the
fact that this product is completely free all
the more compelling. In his recent review
of ESXi ("VMware ESXi," InstantDoc ID
101039), Otey touted ESXi as a "production-proven
virtualization platform that's easy
to install and manage," and VMware's VI3
management platform gives it the "ability
to use VMotion as well as VMware's backup
and high availability features when VI3 is
present." Otey also liked the fact that ESXi
provides similar performance to Hyper-V
while providing even broader support for
Linux guests. "If you need to run a combination
of Linux and Windows VMs in a
production environment, ESXi is your first
choice in virtualization products," Otey said.
Find out more about ESXi at www.vmware.com.

VMware Player. When you don't
need to actually create a VM—but you
need the ability to run one—the VMware
Player could be just what the IT manager
ordered. Available as a free download from
the VMware website, VMware Player lets
you load and run VMs created by other
virtualization products, namely VMs created
by Microsoft Virtual Server, Microsoft
Virtual PC, VMware Workstation, VMware
Fusion, VMware Server or VMware ESX.
This functionality conveniently lets you
run multiple OSs on just one piece of hardware,
and VMware also touts the ability of
VMware Player to load and run appliances
found in the VMware Virtual Appliance
Marketplace. The inability to create VMs
can be a significant obstacle for some, but
there are a number of other apps and utilities
that you can use to create VMs. Find
out more about VMware Player at
www.vmware.com.

Sun Microsystems VirtualBox.
Microsoft, Citrix, and VMware might routinely
get all the headlines when it comes
to desktop virtualization software, but there
are alternatives. One of the best is Sun
Microsystems' VirtualBox, an open-source
hypervisor that offers impressive host-OS
support (from Windows and Mac OS X
to Solaris, Linux, and many permutations
thereof) and a robust list of features. Part
of the Sun xVM product portfolio, VirtualBox
2.1 features upgraded support for
storage appliances, revamped network performance,
new 3D graphics support (via
the OpenGL API), improved performance
through Microsoft's virtual hard disk (VHD)
and VMware's virtual machine disk (VMDK)
formats, and 64-bit guest-OS support on
32-bit platforms.

VirtualBox has come a long way in the
past few years, and this latest release is the
best one yet. It's free for individual enterprise
users, but subscriptions for larger
installations are also available, starting at
$30 per user, per year. Find out more about
VirtualBox 2.1 at www.virtualbox.org.

Citrix XenServer Express Edition.
Just like VMware (with ESXi) and Microsoft
(with Hyper-V Server 2008), Citrix provides
a free version of its XenServer product,
dubbed Citrix XenServer Express Edition.
This version includes the same performance
as more expensive versions of Xen, with the
exception of all the additional functionality
included with the Standard and Enterprise
editions of XenServer.

So what does Citrix XenServer Express
give you? You can run up to four concurrent
VMs on each XenServer host, and you get
support for up to 4GB of RAM. It also supports
dual-core CPUs. If you ever want to
upgrade to the more powerful Standard or
Enterprise editions, Citrix provides an easy
upgrade and licensing path to the more fully
featured (and expensive) versions. Find out
more about Citrix XenServer Express Edition
at www.citrix.com.

What Are Your Favorites? 

Now that you know about some of the best
free virtualization solutions that are available,
I'd like to hear from you: Do you have
any favorite (and free!) virtualization tools
or platforms that you count on to get the
most out of your virtual IT infrastructure? I'd
love to hear about what works best for you,
so drop me a message at jjames@windowsitpro.com
with your comments, or direct
message me on Twitter at www.twitter.com/jeffjames3.

Jeff James

(jjames@windowsitpro.com) is
Editor-in-Chief, Web Content
Strategist for Penton Media's
IT Publishing Group. He
specializes in server OSs,
systems management, and
server virtualization.

With a Windows IT Pro VIP subscription,
you’ll receive:

■ Every solution ever printed in Windows IT Pro and
SQL Server Magazine (over 26,000 articles!)

■ Bonus Web-exclusive content on hot topics such as
Security, Exchange, Scripting, SharePoint, & more

■ A 12-issue (1-year) print subscription to your choice
of Windows IT Pro or SQL Server Magazines

■ The convenient VIP CD (updated and mailed 2x/year)

A $500 value—

Hosted Antispam

Free up bandwidth and admin time

by B. K. Winstead


We've had spam filters for about as long as we've
had spam: The spammers get sneakier and the
filters get smarter, in an endless loop it seems.
Although there's likely no chance that this cycle
will change in the foreseeable future, one type
of solution might give you a slight advantage
in fighting spam. I'm talking about a hosted service model for
spam prevention. Hosted antispam solutions can cost less than
on-premises antispam in terms of time savings and bandwidth use,
and they can free up admins to focus on other important tasks. They
also provide economy of scale—the more people that use a hosted
solution, the more opportunities for the filter to discover new forms
of spam before they affect your business.

Benefits of Hosted Antispam 

Hosted antispam solutions are generally offered on a subscription
model—you pick which features you want to implement and supply
the number of mailboxes you want covered, then the solution
provider gives you a price quote. You can probably expect to pay
less overall—especially when you consider administrator time
and bandwidth savings—than if you were running your antispam
product in-house, plus you get the benefit of a fixed cost, making
budgeting a smidge easier.

Let's examine the cost savings in time and bandwidth use. In the
case of in-house spam protection running behind the corporate firewall,
your servers must begin the process of receiving each message,
then run the various detection methods for spam before rejecting
or quarantining a message. Outsourcing this function frees both
the bandwidth required to receive these messages and the server
processes necessary to examine them—and when you consider that
most estimates suggest that 95 percent or more of all messages are
spam, you can see that these resource savings could be huge for your
organization.

You should also see time savings in administration, though some 
ongoing tuning of a hosted solution will likely be necessary. Most 
services provide a means for administrators or end users to check 
their quarantined messages for false positives as well as to classify 
and report messages they receive as spam; how well the service 
implements this review process could be a key factor in choosing a 
provider. 

Setup for a hosted filtering service is usually just a matter of
changing your MX records to point to the provider's servers so
that all your incoming mail passes through their filters. Therefore,
implementing hosted filtering is generally quite simple. However,
this arrangement can cause privacy or security concerns for many
companies, so be sure to note what protection a provider offers for
your data. Most spam solutions combine filtering methods, using
proprietary scanning algorithms, widely available Realtime Blackhole
Lists (RBLs), Bayesian or pattern-recognition filters, and
other methods. Because of the many types of spam, and the many
characteristics of such messages, it's widely recognized that using
a layered approach to detection relying on different engines and
techniques is the most effective way to capture unwanted messages.
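
A check worth running after the MX change described above, as an added example that is not part of the original article: it parses a zone-file excerpt and lists every MX record that does not point at the provider, since mail sent to a leftover record would arrive without being filtered. The domain example.com, the provider name filter.example.net, and the simplified zone syntax (an explicit owner name on every line) are assumptions.

```python
"""Audit MX records after moving inbound mail to a hosted filtering service."""

# Constructed zone-file excerpt for the hypothetical domain example.com.
# filter.example.net stands in for the hosted provider (an assumption).
SAMPLE_ZONE = """\
$ORIGIN example.com.
@        3600 IN MX 10 mx1.filter.example.net.
@        3600 IN MX 20 mx2.filter.example.net.
@        3600 IN MX 50 mail.example.com.   ; left over from before the cutover
lists    3600 IN MX 10 mail
www      3600 IN A     192.0.2.10
"""


def qualify(name, origin):
    """Turn a zone-file name into a lower-case fully qualified name."""
    name = name.lower()
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    # Relative names are completed with the current $ORIGIN.
    return name + "." if origin == "." else name + "." + origin


def parse_mx(zone_text):
    """Return (owner, preference, target) for each MX record in the text.

    Simplification: every record line must start with its owner name;
    zone-file shorthand that omits the owner is not handled.
    """
    origin = "."
    records = []
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        if fields[0].upper() == "$ORIGIN" and len(fields) > 1:
            origin = qualify(fields[1], ".")
            continue
        upper = [f.upper() for f in fields]
        try:
            i = upper.index("MX", 1)             # skip the owner column
        except ValueError:
            continue                             # not an MX record
        if len(fields) < i + 3 or not fields[i + 1].isdigit():
            continue                             # malformed MX line
        records.append((qualify(fields[0], origin),
                        int(fields[i + 1]),
                        qualify(fields[i + 2], origin)))
    return records


def audit_mx(zone_text, provider_suffix):
    """List MX records whose target is not under the provider's domain."""
    suffix = "." + provider_suffix.lower().strip(".") + "."
    findings = []
    for owner, pref, target in parse_mx(zone_text):
        # Prefixing "." lets the provider's apex name match as well,
        # while "notfilter.example.net." still fails the comparison.
        if not ("." + target).endswith(suffix):
            findings.append((owner, pref, target))
    return findings


if __name__ == "__main__":
    for owner, pref, target in audit_mx(SAMPLE_ZONE, "filter.example.net"):
        print(f"{owner} still accepts mail directly: MX {pref} {target}")
```

Run it against an export of your own zone once the DNS change has propagated; an empty result means every advertised mail route goes through the provider.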

Perhaps the strongest selling point in favor of hosted antispam 
filtering is the service providers' ability to quickly react to new 
threats. In addition to using multiple filters, service providers can 
draw on their vast networks of clients to alert them to the latest 
type of spam currently hitting email inboxes. For instance, as 
soon as a message is recognized as spam anywhere on the service 
provider's network, the provider should tag that message as spam 
across all the recipients it's hosting (assuming, of course, the spam 
was a mass mailing). The larger the provider's customer base, the 
more people available to report spam, and therefore the less likely 
that any one customer will see spam make it through the filter. By 
the time a new, malicious email message targets your users, there's 
a good chance your hosted provider already has it blocked. Most 
service providers announce their frequency of updates so you can 
tell how current your protection should be at any time. 

The Email Security Suite 

Many of the hosted antispam service providers offer
up-to-the-minute spam protection as part of an overall email security suite,
bundling such features as virus and malware protection, instant 
messaging (IM) protection, and outgoing message filters and 
encryption, with spam filtering. Many providers also feature email 
archiving and disaster recovery or failover services. 

In most cases, you can expect to pay more for additional features, 
but you'll probably still see a better price than what it would cost to 
find and implement multiple point solutions to achieve the same 
level of security. If you already have strong messaging security in 
place and are just looking to beef up your spam filtering, you'll 
have no trouble finding service providers that can give you just that 
piece. 

The All-Important SLA

Perhaps the most important part of picking a hosted antispam service
provider is examining its service level agreement (SLA). No doubt
you've encountered companies that promise to achieve certain levels of
service but deliver much less. The SLA protects you and ensures that
you get what you're paying for, so read it carefully and make sure it
covers all the features that you consider essential. It should also
clearly spell out what the consequences will be should the provider
fail to meet its commitments.

A basic SLA for spam filtering should cover such things as spam
capture rate, rate of false positives, and overall system uptime
availability. It might also include timeframes for support response
from the provider, based on the severity of an incident. Email latency
might be another major concern—considering you're sending all your
inbound messages through the host's servers first, how much of a
delivery-time delay are you willing to settle for? Naturally, if
you're taking advantage of additional security features, pay close
attention to what's offered in the SLA for those as well.

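AppRiver
866-223-4645, 850-932-5338
www.appriver.com
  Product Name: SecureTide
  Pricing/Licensing: Contact vendor
  Client Hardware/Software Required: No
  Administrative Interface: Client GUI and web-based interface
  Also Available as Part of a Suite: Yes
  Virus/Malware/Spyware Protection: Yes
  Outgoing Message Filter/Encryption: Yes
  Disclaimer Management: Yes

Google
866-767-8461, 650-486-8100
www.google.com/a/security
  Product Name: Google Message Security
  Pricing/Licensing: $12 per user per year
  Client Hardware/Software Required: No
  Administrative Interface: Web-based interface
  Also Available as Part of a Suite, Virus/Malware/Spyware Protection,
  Outgoing Message Filter/Encryption, Disclaimer Management
  (three values listed for these four columns): No, Yes, Yes

MessageLabs (now part of Symantec)
866-460-0000, 646-519-8100
www.messagelabs.com
  Product Name: MessageLabs Email Anti-Spam
  Pricing/Licensing: $1.54 per user per month for up to 1,000 seats
  Client Hardware/Software Required: No
  Administrative Interface: Client GUI and web-based interface
  Also Available as Part of a Suite: Yes
  Virus/Malware/Spyware Protection: Yes
  Outgoing Message Filter/Encryption: Yes
  Disclaimer Management: Yes

Microsoft Corporation
800-642-7676, 425-882-8080
www.microsoft.com
  Product Name: Microsoft Exchange Hosted Filtering
  Pricing/Licensing: $12.12 per user per year
  Client Hardware/Software Required: No
  Administrative Interface: Web-based interface
  Also Available as Part of a Suite: Yes
  Virus/Malware/Spyware Protection: Yes
  Outgoing Message Filter/Encryption: Policy enforcement included
  Disclaimer Management: Yes

MX Logic
877-695-6442, 720-895-5700
www.mxlogic.com
  Product Name: MX Logic Email Defense Service
  Pricing/Licensing: $1.00 per user per month for the MX Enterprise
  Defense Plus package
  Client Hardware/Software Required: No
  Administrative Interface: Client GUI and web-based interface
  Also Available as Part of a Suite: Yes
  Virus/Malware/Spyware Protection: Yes
  Outgoing Message Filter/Encryption: Yes
  Disclaimer Management: Yes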
HOSTED ANTISPAM SOLUTIONS


Many Providers, Lots of Choices

The field of antispam vendors is vast even if you're looking
specifically for a hosted antispam service provider, and you'll
probably want to consider additional factors to narrow down the
candidates—things such as whether end users or only administrators
can review message quarantines, or whether administration is web-based
or if a client-side GUI is available. As in all such buying decisions,
consider which features are a necessity and balance that with your
budget. The attached table gives you a quick start on your search by
highlighting some of the top hosted antispam solutions and what
features they're offering.

InstantDoc ID 101497 



B. K. WINSTEAD 

(bwinstead@windowsitpro
for Windows IT Pro and SQL
Server Magazine, specializing 
in messaging and unified 
communications. 
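HOSTED ANTISPAM SOLUTIONS

Proofpoint
408-517-4710
www.proofpoint.com
  Product Name: Proofpoint on Demand
  Pricing/Licensing: Starts at $2,400 per year
  Client Hardware/Software Required: No
  Administrative Interface: Client GUI and web-based interface
  Also Available as Part of a Suite: Yes
  Virus/Malware/Spyware Protection: Yes
  Outgoing Message Filter/Encryption: Yes
  Disclaimer Management: Yes

Sophos
888-767-4679, 781-494-5800
www.sophos.com
  Product Name: Sophos Email Appliances
  Pricing/Licensing: $3295 (ES1000 appliance cost for one year)
  Client Hardware/Software Required: Yes, hardware
  Administrative Interface: Web-based interface
  Also Available as Part of a Suite, Virus/Malware/Spyware Protection,
  Outgoing Message Filter/Encryption, Disclaimer Management
  (three values listed for these four columns): Yes, Yes, Yes

SpamStopsHere
800-458-3348, 734-426-7500
www.spamstopshere.com
  Product Name: SpamStopsHere
  Pricing/Licensing: $1 per user per month
  Client Hardware/Software Required: No
  Administrative Interface: Client GUI and web-based interface
  Also Available as Part of a Suite: No
  Virus/Malware/Spyware Protection: Yes
  Outgoing Message Filter/Encryption: Yes
  Disclaimer Management: Yes

Trend Micro
800-228-5651, 408-257-1500
www.trendmicro.com
  Product Name: Trend Micro InterScan Messaging Hosted Security
  Pricing/Licensing: Contact vendor
  Client Hardware/Software Required: No
  Administrative Interface: Web-based interface
  Also Available as Part of a Suite: Yes
  Virus/Malware/Spyware Protection: Yes
  Outgoing Message Filter/Encryption: Outbound filtering in the
  Advanced edition; encryption is an add-on service
  Disclaimer Management: Yes, in the Advanced edition

Websense
800-723-1166, 858-320-8000
www.websense.com
  Product Name: Websense Hosted Email Security
  Pricing/Licensing: $12 per user per year
  Client Hardware/Software Required: No
  Administrative Interface: Web-based interface
  Also Available as Part of a Suite: Yes
  Virus/Malware/Spyware Protection: Yes, with suite
  Outgoing Message Filter/Encryption: Yes, with suite
  Disclaimer Management: Yes, with suite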
200,000 structural
spam and valid messages.
day
Yes, by
Yes
Yes
Updated
Yes
99 percent
1 in
routing
Yes
100,000
through
destination URL
third-party
access to
server
real-time
Sophos SXL
analysis, message
checksum analysis,
tification
backscatter protection via BATV enforcement
technology

Yes
Yes
No
Proprietary database-driven filtering engines include URL/phone filter,
phrase filter, signature-based and IP-based filters. Optional filters
include Real-Time Blackhole List, country of origin, and policy
enforcement filters
Yes
1 minute
Yes, both
Yes
99 percent
1 in 100,000
Yes

Yes
Yes
Available separately
Trend Micro Smart Protection Network correlates statistical analysis,
advanced heuristics, signatures, URL reputation, blacklists, and
whitelists
Yes
Every 15 minutes
Yes, both
Yes
99 percent
1 in 400,000
End users control whitelists only

Yes
Yes
No
Adaptive filtering (Bayesian and whitelist), lexical analysis, IP-based
reputation, checksum databases, 3 different Real-Time Blackhole Lists,
spam traps, whitelists and blacklists, and attachment parsing (optical
character recognition, image parsing, PDF parsing)
No
Continuous
Yes, both
Yes
99 percent
1 in 250,000
Yes
INDUSTRY BYTES


■ Recession Proofing ■ Virtualization ■ Exchange 


INSIGHTS FROM THE INDUSTRY 


8 Ways to Recession-Proof Your IT Department 


Network Instruments recently offered Windows IT Pro readers eight tips
for making your IT department recession proof. In the face of
turbulent economic times, it can be difficult to decide what steps to
take to reduce costs while ensuring your network meets your business
needs. These tips present immediate and long-term steps to improve
network efficiency and reduce IT costs.

1. Understand Network Demand and Application Behavior

It has been said that you can't know where you're going if you don't
know where you've been. The same holds true for network management and
capacity planning. Unless you have an idea of normal application
behavior in the past, it's difficult to gauge acceptable performance
in the future or how the network will respond to new application
rollouts. Establishing benchmarks and understanding long-term network
utilization are key to ensuring effective infrastructure changes. In
addition, understand network demand and behavior to ensure accurate
long-term planning and handling of new business requests.

2. Eliminate Unauthorized Application and Device Use

Unauthorized applications and network devices can consume significant
bandwidth and resources and constitute a security threat. Daily
network monitoring and asset tracking allows your staff to quickly
identify unauthorized application and device use.

3. Save Money Using PC Power Management

Going green can save your company green. PC power-management software
monitors computer activities and powers down systems when not in use.
You can also use the software to implement policies that place the
computers into standby mode after closing.

4. Harness the Power of Virtualization

Use virtualization to consolidate network servers for more efficient
use of network resources. Relying on virtual servers reduces the need
to purchase physical machines, saves money by reducing power
consumption, shortens disaster-recovery time, and allows you to easily
establish server and resource redundancy.

5. Align IT with Business

Managing IT costs is part technical and part personal relationships.
In the current cost-cutting environment, it can be hard to avoid the
knife even when your department is contributing positively to the
company's bottom line. In early 2000, IT departments faced cuts due to
a lack of understanding of how they contributed to business revenues.
Although understanding has improved, the CIO can take steps to
minimize the chance of having the budget slashed. First, organize IT
costs around services and processes visible to the business. Second,
establish strong relationships and clear communication with the CFO,
explaining the risks of postponing infrastructure investments or
reducing services.

6. Automate Business Processes

With layoffs plaguing many companies, now is the time to improve
business efficiency with automation. For example, improving your
company's capabilities to hold meetings online can reduce the need for
travel. Are there any customer care services that can be delivered
online rather than over the phone?

7. Prioritize Projects

As you face more project requests than available dollars, now is the
time to prioritize projects in the queue. At the very least, determine
which projects are necessities versus nice-to-haves. Taking it a step
further, it's important to conduct in-depth cost-benefit analyses of
each project to determine what value it offers short term and long
term. Also, keep company annual growth targets in mind and determine
what IT investments are necessary to achieve them.

8. Create HR Policies for Web 2.0 Applications

Although Web 2.0 applications can boost company productivity, they
also increase exposure to security and compliance threats. Adopting
policies that appropriately restrict use and educate users about
potential risks can reduce bandwidth demand, security threats, and
liability exposures.

—Jason Bovberg 
ADVERTISEMENT


Product Review 


Track Active Directory Changes 

NetWrix AD Change Reporter tracks changes to Active Directory and 
Group Policy and sends daily reports by e-mail. 


NetWrix Active Directory Change Reporter 

Price: Freeware and Commercial versions are available. 

NetWrix Corporation 1888-638-97491 www.netwrix.com 
Figure 1: Program configuration settings and report sample.


■ By Greg Singleton 

Active Directory, with vast variety 
of network services, is a complex 
database containing users, groups, 
and many other types of objects 
to define user identities, access 
control, and policies. With so many 
objects and IT people managing all 
this, it is very easy to get lost and 
have no idea who changed what and 
when: in a word—AUDIT. Consistent 
auditing is a very important process, 
especially if you work for a public 
company or a bank and have to 
comply with external regulations. 

According to the vendor, Active 
Directory Change Reporter tracks 
all changes made to AD and Group 
Policy and automatically sends daily 
reports detailing all changes made 
through the last day. Reports list 
newly added and removed objects, 
modified objects with previous and 
current attribute values, and all 
Group Policy changes, with tracking 
information about who made the 
change and when the change was 
made. 

NetWrix provides two versions of 
the tool: commercial and freeware. 

I tried both versions and despite
some limitations, the free version is
still very useful to analyze changes,
but does not report on who made
the changes. Not a big deal for a
one-man (OK, two-men :) IT shop,
but probably a showstopper for
bigger companies with dozens of
folks with admin rights. A full list of
supported features can be found in
the datasheet.

PROS

- Easy to set up and use.
- Focused on AD/GPO auditing, with no extra frills.
- Good support for Group Policy auditing.
- Lightweight agents on DC are optional.

CONS

- Only 10 predefined reports.
- Hard-to-configure monitoring of multiple domains.
- Separate tools for configuration and reporting.
- SQL-based reports are not configured automatically.

The commercial version 
includes full information about all 
changes and supports SQL Server 
Reporting Services as a backend 
for report generation, with several 
good reports out of the box. Free 
version of SQL 2005 (SQL Express) 
works fine. Another nice feature 
of the commercial version is a 
Rollback Wizard for quick rollback 
of unwanted changes. I haven’t 
experimented much with that,
but looks pretty good, I was able
to “undelete” several test users 
and rollback a couple of group 
membership changes. 

Other vendors providing similar 
tools include: Quest InTrust™, 
NetPro ChangeAuditor™ (NetPro 
was recently acquired by Quest), 
ScriptLogic Active Administrator™. 
These tools are worth looking at 
also, but none offers a freeware 
version and can be much more 
expensive. 


Greg Singleton (gsingleton@strattisoft.com) is 
Managing Partner of Strattisoft Technologies; an 
Ottawa, Canada based IT solutions reseller. 


Microsoft's David Greschler talks about App-V and MED-V 


Microsoft's virtualization strategy is unfolding quickly and it can 
be difficult to keep up with the company's virtualization direction 
and products. During a recent visit to the Microsoft campus, David 
Greschler, director of Microsoft's Integrated Virtualization Strategy 
group (formerly a co-founder of Softricity) shared Microsoft's platform
vision of virtualization with Windows IT Pro. Along the way
he discussed the purpose and role of Microsoft's new App-V and 
MED-V products. 

David shared some of Microsoft's most important virtualization 
product news—Remote Desktop Services, App-V, and MED-V. First, 
from the presentation virtualization standpoint, David pointed out 
that, with Windows Server 2008 R2, Terminal Services has been 
rebranded as Remote Desktop Services to better reflect its role in 
providing desktops and applications across the enterprise. 

David explained the purposes behind App-V (Microsoft Application
Virtualization) and MED-V (Microsoft Enterprise Desktop
Virtualization). App-V 4.5 is essentially Microsoft's most recent
update to the SoftGrid desktop application product that Microsoft
acquired with its acquisition of Softricity. App-V provides application
virtualization. The App-V client runtime enables running virtualized
applications on your enterprise client systems. Virtualized applications
can be installed and run on client desktops without making
changes to the client's host file system or registry. App-V enables
centralized deployment and management of virtual applications via
Active Directory.

MED-V is a different animal altogether. MED-V is a desktop
virtualization solution that's based on Microsoft's Virtual PC technology.
Much like VMware's Fusion or Parallels Convergence, MED-V
allows the seamless integration of applications running in a virtual
machine (VM) with the host PC's desktop. MED-V lets you run applications
that may be incompatible with the desktop OS without
requiring the user to deal with the complexities of operating a VM
on the desktop. The Virtual PC function operates in the background
and the end user can work with the virtualized MED-V application
as if it were a normal desktop application.

David briefly mentioned that another virtualization technology 
coming down the pike is the project based on Microsoft's acquisition
of Calista Technologies. Calista is aimed at the development of
a virtual Graphical Processing Unit (GPU) that enables VMs to run 
graphically intensive applications with full fidelity. 

You can listen to the podcast of a portion of this interview at 
tinyurl.com/greschlerinterview. 

—Michael Otey 

Use Social Networking to 
Boost Your Career 

Social networking is not just for teens and young adults anymore—
more than half of MySpace users are over 35, according to a comScore
study. And, just as it's beneficial to your personal life to keep
in contact with those close to you, it's valuable for your professional 
career to keep close contact with the people in your industry and 
organization. Below are some ways to enhance your career, both 
inside your organization and out. 

Social Networking Inside Your Organization 

Social networking gives you a face, creating a more pleasant and 
personal experience and increasing the likelihood that employees 
will praise your work. By developing a relationship beforehand, you
can improve future encounters and create a more positive experience
for employees when something does go wrong.

One way to get the conversation started is to use Twitter to send 
mini-updates when the network goes down or other blips occur. (Be 
sure to mention when you expect the problem to be fixed, if possible.) 
Employees will be able to plan their schedules accordingly, and they 
will appreciate you thinking of their needs. Another use of a service 
like this is to send quick reminders, such as reminders on safe Internet 
browsing or how to troubleshoot common problems. 

In a similar vein, you can create your own blog, use the company 
Intranet, or use blogging sites such as MySpace or Xanga to write 
in-depth articles on troubleshooting problems. This will empower 
employees and reduce the amount of basic calls you have to handle. 

Social Networking Outside Your Organization 

Now is the time to start building up a portfolio and reputation that 
will enable you to be successful in the future. One of the best ways 
to do this is to start your own blog or contribute to other industry 
blogs. Write in-depth pieces or just comment on the latest industry 
trends, and you'll have a backlog of reputation-building material the 
next time a potential employer Googles you. 

If you like the idea of building relationships with others in your 
industry but don't want to commit to a blog, you can always join 
an industry-related forum. By signing your name at the end of each 
response you send, you will not only build relationships with the 
people whose problems you troubleshoot, but you'll also increase 
the number of search results Google indexes for your name. 

Balance Is Key 

Obviously, it'd be easy to let these pursuits get in the way of your
day-to-day tasks. Start small with one or two social networking
commitments, and increase your communication as you become more
comfortable and efficient with managing this new element of your
professional life. You'll make new friends, new professional
contacts/references, and maybe even solidify the next big milestone in
your career.

—Brian Reinholz 


Atmail Outback: Email Developer Hits the Open Road 


When you're troubleshooting a tough problem on your Microsoft 
Exchange server, where do you go for inspiration? How about if 
you're looking for ways to improve your procedures to save time or 
money? Maybe you step outside and park yourself under a big tree 
and gaze skyward. Maybe you close your office door, turn off the 
lights, and let your mind wander as you contemplate a lava lamp. 

Of course, I hope some of you turn to the Exchange Server and 
Outlook content available from Windows IT Pro. But I'll bet most of 
you didn't think of finding an answer by taking a six-month trip 
across Australia, as Ben Duncan, the founder and CEO of email systems
provider Atmail, is doing.

Beginning this week, Duncan took to the road in a Land Rover 
specially outfitted with a computer development environment, an 
Atmail email server, satellite broadband access, solar panels, and a 
rooftop tent for sleeping. 

With offices in the United States and Australia, Atmail provides an 
alternative to Microsoft Exchange Server—either as the Atmail Email 
Server software or as a complete turnkey solution in the Atmail 
Appliance. The Atmail solution includes shared contacts, calendars, 
and tasks—as all businesses have come to rely on—and syncs with 
Outlook 2007/2003/2000 via the Atmail Outlook Sync Utility. 


Atmail supports SMTP, POP3, and IMAP connections, and provides
its own web mail client. A recent update added push email
support for the iPhone, Windows Mobile devices, and other 
ActiveSync-capable devices. And here's a feature that even 
Microsoft hasn't figured out yet: The Atmail Email Server uses a 
Microsoft SQL Server database backend for all that unstructured 
user data. 

Duncan has hit the road for inspiration before. Back in 2000, 
he made a similar pilgrimage around Australia—although without 
quite so many of his current high-tech gadgets—when he was 
developing Atmail. In addition to any innovations to Atmail that 
he might develop, Duncan's current adventure will showcase how 
mobile or remote workers can be fully functional and integrated 
members of any working team—as long as they have good email 
and collaboration products. 

You can follow Duncan's progress on his Atmail blog. And don't
forget to check out the pics from the live streaming CarCam. They
should be really exciting—or at least they will be once he gets out
of the city and into the wilds.

—B. K. Winstead 

InstantDoc ID 101375 
Your computer date has gone backwards since this program was last run. Please correct the date


by Jason Bovberg 




User Moment of the Month


My laptop computer ran fine until I loaded it with so much stuff that
I needed to keep restoring it and eventually using Safe Mode. One day,
I was running a power-intensive program and the computer froze. I
decided to unplug it, thinking that it would eventually hibernate or
go into stand-by mode, but that solution failed. So, I pulled the
battery out (I don't recommend trying that), and the computer turned
off. When I turned the computer back on, the screen was blank. I tried
to plug the laptop into the monitor—no luck. My next step was to pull
out the hard drive. When I did, I found that one of the six silver
screws holding the hard drive in place was charred: A large jolt of
electricity had zapped from the battery through the computer, burning
the screw. You can imagine what happened to the hard drive.


Following up February's memorable Keyboard for Blondes comes
the iBreath, from David Steel Enterprises. The press release hails the
iBreath as "the ultimate iPod accessory that lets users test their own
blood alcohol content." The iBreath is a fully functioning alcohol
breathalyzer, which also doubles as an FM transmitter that wirelessly
sends your iPod tunes to any FM receiver. So, after that long
evening of battling network problems while imbibing your favorite
after-hours IT beverage, you can easily plug in this little device to
ensure that you're road-worthy. The iBreath costs $79 and is available
at www.davidsteele.com.


The time-travel approach to systems administration